Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-03-10 CVE-2025-24813 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
network
low complexity
apache debian CWE-706
critical
9.8
2024-12-12 CVE-2024-47606 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
GStreamer is a library for constructing graphs of media-handling components.
network
low complexity
gstreamer-project debian CWE-191
critical
9.8
2024-10-09 CVE-2024-9680 Use After Free vulnerability in multiple products
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.
network
low complexity
mozilla debian CWE-416
critical
9.8
2024-06-28 CVE-2024-37371 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
network
low complexity
mit debian
critical
9.1
2024-02-11 CVE-2024-25714 Information Exposure Through Discrepancy vulnerability in multiple products
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures.
network
low complexity
rhonabwy-project debian CWE-203
critical
9.8
2024-01-24 CVE-2024-0808 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file.
network
low complexity
debian google fedoraproject CWE-191
critical
9.8
2024-01-18 CVE-2023-6816 Out-of-bounds Write vulnerability in multiple products
A flaw was found in X.Org server.
network
low complexity
x-org fedoraproject redhat debian CWE-787
critical
9.8
2023-12-24 CVE-2023-51714 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2.
network
low complexity
debian qt CWE-190
critical
9.8
2023-11-29 CVE-2023-6345 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.
network
low complexity
google debian fedoraproject microsoft CWE-190
critical
9.6
2023-11-11 CVE-2023-46850 Use After Free vulnerability in multiple products
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
network
low complexity
openvpn debian fedoraproject CWE-416
critical
9.8