Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-19 | CVE-2023-50762 | When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. | 4.3 |
2023-12-19 | CVE-2023-6857 | Race Condition vulnerability in multiple products When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. | 5.3 |
2023-12-19 | CVE-2023-6860 | The `VideoBridge` allowed any content process to use textures produced by remote decoders. | 6.5 |
2023-12-19 | CVE-2023-6865 | `EncryptingOutputStream` was susceptible to exposing uninitialized data. | 6.5 |
2023-12-19 | CVE-2023-6867 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. | 6.1 |
2023-12-18 | CVE-2023-51385 | OS Command Injection vulnerability in multiple products In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. | 6.5 |
2023-12-18 | CVE-2023-5115 | Path Traversal vulnerability in multiple products An absolute path traversal attack exists in the Ansible automation platform. | 6.3 |
2023-12-12 | CVE-2023-42883 | The issue was addressed with improved memory handling. | 5.5 |
2023-12-08 | CVE-2023-45866 | Improper Authentication vulnerability in multiple products Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. | 6.3 |
2023-12-06 | CVE-2023-6511 | Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. | 4.3 |