Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-21255 Use After Free vulnerability in multiple products
In multiple functions of binder.c, there is a possible memory corruption due to a use after free.
local
low complexity
google debian CWE-416
7.8
7.8
2023-07-13 CVE-2023-21400 Improper Locking vulnerability in multiple products
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking.
local
low complexity
google debian CWE-667
6.7
6.7
2023-07-12 CVE-2023-3618 Classic Buffer Overflow vulnerability in multiple products
A flaw was found in libtiff.
network
low complexity
libtiff debian redhat CWE-120
6.5
6.5
2023-07-06 CVE-2023-36823 Sanitize is an allowlist-based HTML and CSS sanitizer.
network
low complexity
sanitize-project debian
6.1
6.1
2023-07-05 CVE-2023-35936 Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library.
local
high complexity
pandoc debian
5.0
5.0
2023-07-05 CVE-2023-31248 Use After Free vulnerability in multiple products
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
local
low complexity
linux fedoraproject debian canonical CWE-416
7.8
7.8
2023-07-05 CVE-2023-35001 Out-of-bounds Write vulnerability in multiple products
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
local
low complexity
linux debian fedoraproject netapp CWE-787
7.8
7.8
2023-07-05 CVE-2023-37211 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12.
network
low complexity
mozilla debian CWE-787
8.8
8.8
2023-07-05 CVE-2023-37201 Use After Free vulnerability in multiple products
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
network
low complexity
mozilla debian CWE-416
8.8
8.8
2023-07-05 CVE-2023-37202 Use After Free vulnerability in multiple products
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
network
low complexity
mozilla debian CWE-416
8.8
8.8