Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2024-10-03 CVE-2024-8508 Improper Validation of Specified Quantity in Input vulnerability in multiple products
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for.
network
low complexity
nlnetlabs debian CWE-1284
5.3
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
8.1
2024-06-28 CVE-2024-37371 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
network
low complexity
mit debian
critical
9.1
2024-06-11 CVE-2024-5690 Information Exposure Through Discrepancy vulnerability in multiple products
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system.
network
low complexity
mozilla debian CWE-203
4.3
2024-06-07 CVE-2024-37383 Cross-site Scripting vulnerability in multiple products
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
network
low complexity
roundcube debian CWE-79
6.1
2024-06-05 CVE-2024-5629 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
network
low complexity
mongodb debian CWE-125
8.1
2024-06-03 CVE-2024-36960 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read.
local
low complexity
linux debian
7.1
2024-05-30 CVE-2024-36940 Double Free vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.
local
low complexity
linux debian CWE-415
7.8
2024-05-30 CVE-2024-36941 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here.
local
low complexity
linux debian CWE-476
5.5
2024-05-30 CVE-2024-36954 Memory Leak vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path.
local
low complexity
linux debian CWE-401
5.5