Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-45648 Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers.
network
low complexity
apache debian
5.3
2023-10-10 CVE-2023-42795 Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
network
low complexity
apache debian
5.3
2023-10-09 CVE-2023-45364 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1.
network
low complexity
mediawiki debian CWE-732
5.3
2023-10-05 CVE-2023-42755 Out-of-bounds Read vulnerability in multiple products
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel.
local
low complexity
linux redhat debian CWE-125
5.5
2023-09-28 CVE-2023-42756 Race Condition vulnerability in multiple products
A flaw was found in the Netfilter subsystem of the Linux kernel.
local
high complexity
linux redhat debian fedoraproject CWE-362
4.7
2023-09-27 CVE-2023-5169 Out-of-bounds Write vulnerability in multiple products
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.
network
low complexity
mozilla debian fedoraproject CWE-787
6.5
2023-09-27 CVE-2023-5171 Use After Free vulnerability in multiple products
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash.
network
low complexity
mozilla debian fedoraproject CWE-416
6.5
2023-09-22 CVE-2023-43770 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
network
low complexity
roundcube debian CWE-79
6.1
2023-09-15 CVE-2023-41900 Improper Authentication vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-287
4.3
2023-09-15 CVE-2023-40167 Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian
5.3