Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-42795	Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. network low complexity apache debian	5.3
2023-10-10	CVE-2023-36478	Eclipse Jetty provides a web server and servlet container. network low complexity eclipse jenkins debian	7.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-10-09	CVE-2023-43641	libcue provides an API for parsing and extracting data from CUE sheets. network low complexity lipnitsk fedoraproject debian	8.8
2023-10-09	CVE-2023-45363	Infinite Loop vulnerability in multiple products An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. network low complexity mediawiki debian CWE-835	7.5
2023-10-09	CVE-2023-45364	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. network low complexity mediawiki debian CWE-732	5.3
2023-10-06	CVE-2023-39928	Use After Free vulnerability in multiple products A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. network low complexity webkitgtk debian fedoraproject CWE-416	8.8
2023-10-05	CVE-2023-42755	Out-of-bounds Read vulnerability in multiple products A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. local low complexity linux redhat debian CWE-125	5.5
2023-10-04	CVE-2023-43804	urllib3 is a user-friendly HTTP client library for Python. network low complexity python debian fedoraproject	8.1
2023-10-03	CVE-2023-4911	Out-of-bounds Write vulnerability in multiple products A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. local low complexity gnu fedoraproject redhat debian canonical netapp CWE-787	7.8