Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-0747 When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy.
network
low complexity
mozilla debian
6.5
2024-01-23 CVE-2024-0749 Origin Validation Error vulnerability in multiple products
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar.
network
low complexity
mozilla debian CWE-346
4.3
2024-01-23 CVE-2024-0753 In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain.
network
low complexity
mozilla debian
6.5
2023-12-24 CVE-2023-51766 Insufficient Verification of Data Authenticity vulnerability in multiple products
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations.
network
low complexity
exim fedoraproject debian CWE-345
5.3
2023-12-19 CVE-2023-50761 The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time.
network
low complexity
mozilla debian
4.3
2023-12-19 CVE-2023-50762 When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user.
network
low complexity
mozilla debian
4.3
2023-12-19 CVE-2023-6857 Race Condition vulnerability in multiple products
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
network
high complexity
mozilla debian CWE-362
5.3
2023-12-19 CVE-2023-6860 The `VideoBridge` allowed any content process to use textures produced by remote decoders.
network
low complexity
mozilla debian
6.5
2023-12-19 CVE-2023-6865 `EncryptingOutputStream` was susceptible to exposing uninitialized data.
network
low complexity
mozilla debian
6.5
2023-12-19 CVE-2023-6867 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts.
network
low complexity
mozilla debian CWE-1021
6.1