Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-24 | CVE-2023-3863 | Use After Free vulnerability in multiple products A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. | 4.1 |
| 2023-07-24 | CVE-2023-3417 | Thunderbird allowed the Text Direction Override Unicode Character in filenames. | 7.5 |
| 2023-07-22 | CVE-2023-38633 | Path Traversal vulnerability in multiple products A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. | 5.5 |
| 2023-07-21 | CVE-2023-3609 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). | 7.8 |
| 2023-07-21 | CVE-2023-3610 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. | 7.8 |
| 2023-07-21 | CVE-2023-3611 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. | 7.8 |
| 2023-07-21 | CVE-2023-3776 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). | 7.8 |
| 2023-07-20 | CVE-2022-2127 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. | 5.9 |
| 2023-07-20 | CVE-2023-34966 | Infinite Loop vulnerability in multiple products An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. | 7.5 |
| 2023-07-20 | CVE-2023-34967 | Type Confusion vulnerability in multiple products A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. | 5.3 |