Vulnerabilities > Debian

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2024-06-28 | CVE-2024-37371 | | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. | network | low complexity | mit debian | critical 9.1 |
| 2024-06-11 | CVE-2024-5690 | Information Exposure Through Discrepancy vulnerability in multiple products | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. | network | low complexity | mozilla debian CWE-203 | 4.3 |
| 2024-06-07 | CVE-2024-37383 | Cross-site Scripting vulnerability in multiple products | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | network | low complexity | roundcube debian CWE-79 | 6.1 |
| 2024-06-05 | CVE-2024-5629 | Out-of-bounds Read vulnerability in multiple products | An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. | network | low complexity | mongodb debian CWE-125 | 8.1 |
| 2024-05-30 | CVE-2024-36940 | Double Free vulnerability in multiple products | In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well. | local | low complexity | linux debian CWE-415 | 7.8 |
| 2024-05-30 | CVE-2024-36941 | NULL Pointer Dereference vulnerability in multiple products | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here. | local | low complexity | linux debian CWE-476 | 5.5 |
| 2024-05-30 | CVE-2024-36954 | Memory Leak vulnerability in multiple products | In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path. | local | low complexity | linux debian CWE-401 | 5.5 |
| 2024-05-22 | CVE-2024-4453 | Integer Overflow or Wraparound vulnerability in multiple products | GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. | local | low complexity | gstreamer-project debian CWE-190 | 7.8 |
| 2024-05-19 | CVE-2024-35922 | Divide By Zero vulnerability in multiple products | In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value on overflow. | local | low complexity | linux debian CWE-369 | 5.5 |
| 2024-05-19 | CVE-2024-35925 | Divide By Zero vulnerability in multiple products | In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. | local | low complexity | linux debian CWE-369 | 5.5 |