Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-5171 Use After Free vulnerability in multiple products
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash.
network
low complexity
mozilla debian fedoraproject CWE-416
6.5
2023-09-27 CVE-2023-5176 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-09-25 CVE-2023-42753 Out-of-bounds Write vulnerability in multiple products
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel.
local
low complexity
linux redhat debian CWE-787
7.8
2023-09-22 CVE-2023-34319 Out-of-bounds Write vulnerability in multiple products
The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece.
local
low complexity
xen debian linux CWE-787
7.8
2023-09-22 CVE-2023-43770 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
network
low complexity
roundcube debian CWE-79
6.1
2023-09-21 CVE-2023-4504 Out-of-bounds Write vulnerability in multiple products
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution.
local
high complexity
openprinting fedoraproject debian CWE-787
7.0
2023-09-21 CVE-2023-41993 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
The issue was addressed with improved checks.
8.8
2023-09-20 CVE-2023-42464 Type Confusion vulnerability in multiple products
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17.
network
low complexity
netatalk debian CWE-843
critical
9.8
2023-09-20 CVE-2019-19450 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
network
low complexity
reportlab debian CWE-91
critical
9.8
2023-09-15 CVE-2023-41900 Improper Authentication vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-287
4.3