Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-22	CVE-2023-34319	Out-of-bounds Write vulnerability in multiple products The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. local low complexity xen debian linux CWE-787	7.8
2023-09-22	CVE-2023-43770	Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. network low complexity roundcube debian CWE-79	6.1
2023-09-21	CVE-2023-4504	Out-of-bounds Write vulnerability in multiple products Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. local high complexity openprinting fedoraproject debian CWE-787	7.0
2023-09-21	CVE-2023-41993	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products The issue was addressed with improved checks. network low complexity apple fedoraproject debian oracle netapp webkitgtk CWE-754	8.8
2023-09-20	CVE-2023-42464	Type Confusion vulnerability in multiple products A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. network low complexity netatalk debian CWE-843 critical	9.8
2023-09-20	CVE-2019-19450	XML Injection (aka Blind XPath Injection) vulnerability in multiple products paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. network low complexity reportlab debian CWE-91 critical	9.8
2023-09-15	CVE-2023-41900	Improper Authentication vulnerability in multiple products Jetty is a Java based web server and servlet engine. network low complexity eclipse debian CWE-287	4.3
2023-09-15	CVE-2023-40167	Jetty is a Java based web server and servlet engine. network low complexity eclipse debian	5.3
2023-09-15	CVE-2023-36479	Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. network low complexity eclipse debian	4.3
2023-09-12	CVE-2023-4900	Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. network low complexity google fedoraproject debian	4.3