Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-0045 Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall.
network
low complexity
linux debian netapp CWE-610
7.5
7.5
2023-04-25 CVE-2023-2269 Improper Locking vulnerability in multiple products
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
local
low complexity
linux fedoraproject debian netapp CWE-667
4.4
4.4
2023-04-24 CVE-2023-2007 Improper Locking vulnerability in multiple products
The specific flaw exists within the DPT I2O Controller driver.
local
low complexity
linux debian netapp CWE-667
7.8
7.8
2023-04-24 CVE-2023-28484 NULL Pointer Dereference vulnerability in multiple products
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault.
network
low complexity
xmlsoft debian CWE-476
6.5
6.5
2023-04-24 CVE-2023-29469 Double Free vulnerability in multiple products
An issue was discovered in libxml2 before 2.10.4.
network
low complexity
xmlsoft debian CWE-415
6.5
6.5
2023-04-24 CVE-2023-31084 An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2.
local
low complexity
linux fedoraproject debian netapp
5.5
5.5
2023-04-21 CVE-2023-1998 Information Exposure Through Discrepancy vulnerability in multiple products
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp.
local
high complexity
linux debian CWE-203
5.6
5.6
2023-04-19 CVE-2023-2133 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-787
8.8
8.8
2023-04-19 CVE-2023-2134 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-787
8.8
8.8
2023-04-19 CVE-2023-2135 Use After Free vulnerability in multiple products
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page.
network
high complexity
google debian fedoraproject CWE-416
7.5
7.5