Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-23583 Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
local
low complexity
intel debian netapp
7.8
2023-11-11 CVE-2023-46849 Divide By Zero vulnerability in multiple products
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
network
low complexity
openvpn debian fedoraproject CWE-369
7.5
2023-11-11 CVE-2023-46850 Use After Free vulnerability in multiple products
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
network
low complexity
openvpn debian fedoraproject CWE-416
critical
9.8
2023-11-08 CVE-2023-5996 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
2023-11-06 CVE-2023-47272 Cross-site Scripting vulnerability in multiple products
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
2023-11-01 CVE-2023-5480 Cross-site Scripting vulnerability in multiple products
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file.
network
low complexity
google debian fedoraproject CWE-79
6.1
2023-11-01 CVE-2023-5482 Insufficient Verification of Data Authenticity vulnerability in multiple products
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-345
8.8
2023-11-01 CVE-2023-5849 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-190
8.8
2023-11-01 CVE-2023-5850 Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name.
network
low complexity
google debian fedoraproject
4.3
2023-11-01 CVE-2023-5851 Origin Validation Error vulnerability in multiple products
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-346
4.3