Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-22 | CVE-2023-34319 | Out-of-bounds Write vulnerability in multiple products The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. | 7.8 |
| 2023-09-22 | CVE-2023-43770 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | 6.1 |
| 2023-09-21 | CVE-2023-4504 | Out-of-bounds Write vulnerability in multiple products Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. | 7.0 |
| 2023-09-21 | CVE-2023-41993 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products The issue was addressed with improved checks. | 9.8 |
| 2023-09-20 | CVE-2023-42464 | Type Confusion vulnerability in multiple products A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. | 9.8 |
| 2023-09-20 | CVE-2019-19450 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. | 9.8 |
| 2023-09-20 | CVE-2023-3341 | Out-of-bounds Write vulnerability in multiple products The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. | 7.5 |
| 2023-09-20 | CVE-2023-4236 | Reachable Assertion vulnerability in multiple products A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. | 7.5 |
| 2023-09-15 | CVE-2023-41900 | Improper Authentication vulnerability in multiple products Jetty is a Java based web server and servlet engine. | 4.3 |
| 2023-09-15 | CVE-2023-40167 | Improper Handling of Length Parameter Inconsistency vulnerability in multiple products Jetty is a Java based web server and servlet engine. | 5.3 |