Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2023-07-21 CVE-2023-3611 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
local
low complexity
linux debian CWE-787
7.8
7.8
2023-07-21 CVE-2023-3776 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter().
local
low complexity
linux debian CWE-416
7.8
7.8
2023-07-20 CVE-2022-2127 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c.
network
high complexity
samba redhat fedoraproject debian CWE-125
5.9
5.9
2023-07-20 CVE-2023-34966 Infinite Loop vulnerability in multiple products
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight.
network
low complexity
samba fedoraproject redhat debian CWE-835
7.5
7.5
2023-07-20 CVE-2023-34967 Type Confusion vulnerability in multiple products
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight.
network
low complexity
samba fedoraproject redhat debian CWE-843
5.3
5.3
2023-07-20 CVE-2023-34968 Information Exposure Through Sent Data vulnerability in multiple products
A path disclosure vulnerability was found in Samba.
network
low complexity
samba fedoraproject redhat debian CWE-201
5.3
5.3
2023-07-17 CVE-2023-38403 Integer Overflow or Wraparound vulnerability in multiple products
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
network
low complexity
es debian fedoraproject netapp apple CWE-190
7.5
7.5
2023-07-13 CVE-2023-21255 Use After Free vulnerability in multiple products
In multiple functions of binder.c, there is a possible memory corruption due to a use after free.
local
low complexity
google debian CWE-416
7.8
7.8
2023-07-13 CVE-2023-21400 Improper Locking vulnerability in multiple products
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking.
local
low complexity
google debian CWE-667
6.7
6.7
2023-07-12 CVE-2023-3618 Classic Buffer Overflow vulnerability in multiple products
A flaw was found in libtiff.
network
low complexity
libtiff debian redhat CWE-120
6.5
6.5