Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-29 CVE-2022-4907 Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google fedoraproject debian
8.8
2023-07-24 CVE-2023-3417 Thunderbird allowed the Text Direction Override Unicode Character in filenames.
network
low complexity
mozilla debian
7.5
2023-07-21 CVE-2023-3609 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter().
local
low complexity
linux debian CWE-416
7.8
2023-07-21 CVE-2023-3610 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE.
local
low complexity
linux debian CWE-416
7.8
2023-07-21 CVE-2023-3611 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
local
low complexity
linux debian CWE-787
7.8
2023-07-21 CVE-2023-3776 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter().
local
low complexity
linux debian CWE-416
7.8
2023-07-20 CVE-2023-34966 Infinite Loop vulnerability in multiple products
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight.
network
low complexity
samba fedoraproject redhat debian CWE-835
7.5
2023-07-17 CVE-2023-38403 Integer Overflow or Wraparound vulnerability in multiple products
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
network
low complexity
es debian fedoraproject netapp apple CWE-190
7.5
2023-07-13 CVE-2023-21255 Use After Free vulnerability in multiple products
In multiple functions of binder.c, there is a possible memory corruption due to a use after free.
local
low complexity
google debian CWE-416
7.8
2023-07-05 CVE-2023-31248 Use After Free vulnerability in multiple products
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
local
low complexity
linux fedoraproject debian canonical CWE-416
7.8