Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-10	CVE-2024-46951	Access of Uninitialized Pointer vulnerability in multiple products An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. local low complexity artifex debian suse CWE-824	7.8
2024-10-15	CVE-2024-41311	Out-of-bounds Write vulnerability in multiple products In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. network low complexity struktur debian CWE-787	8.1
2024-10-09	CVE-2024-9680	Use After Free vulnerability in multiple products An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. network low complexity mozilla debian CWE-416 critical	9.8
2024-10-03	CVE-2024-8508	Improper Validation of Specified Quantity in Input vulnerability in multiple products NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. network low complexity nlnetlabs debian CWE-1284	5.3
2024-07-01	CVE-2024-6387	Race Condition vulnerability in multiple products A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). network high complexity openbsd redhat suse debian canonical amazon netapp freebsd netbsd CWE-362	8.1
2024-06-28	CVE-2024-37371	In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. network low complexity mit debian critical	9.1
2024-06-11	CVE-2024-5690	Information Exposure Through Discrepancy vulnerability in multiple products By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. network low complexity mozilla debian CWE-203	4.3
2024-06-07	CVE-2024-37383	Cross-site Scripting vulnerability in multiple products Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. network low complexity roundcube debian CWE-79	6.1
2024-06-05	CVE-2024-5629	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. network low complexity mongodb debian CWE-125	8.1
2024-06-03	CVE-2024-36960	In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. local low complexity linux debian	7.1