Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2023-10-11 CVE-2023-5486 Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google debian
4.3
2023-10-11 CVE-2023-44981 Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper.
network
low complexity
apache debian
critical
9.1
2023-10-10 CVE-2023-45648 Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers.
network
low complexity
apache debian
5.3
2023-10-10 CVE-2023-42795 Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
network
low complexity
apache debian
5.3
2023-10-10 CVE-2023-36478 Eclipse Jetty provides a web server and servlet container.
network
low complexity
eclipse jenkins debian
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-10-09 CVE-2023-43641 libcue provides an API for parsing and extracting data from CUE sheets.
network
low complexity
lipnitsk fedoraproject debian
8.8
2023-10-09 CVE-2023-45363 Infinite Loop vulnerability in multiple products
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
network
low complexity
mediawiki debian CWE-835
7.5
2023-10-09 CVE-2023-45364 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1.
network
low complexity
mediawiki debian CWE-732
5.3
2023-10-06 CVE-2023-39928 Use After Free vulnerability in multiple products
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5.
network
low complexity
webkitgtk debian fedoraproject CWE-416
8.8