Vulnerabilities > Debian

| Date | CVE | Vulnerability title | Vector | Complexity | Vendors / CWE | Risk |
|---|---|---|---|---|---|---|
| 2023-12-19 | CVE-2023-6863 | The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. | network | low complexity | mozilla debian | 8.8 |
| 2023-12-19 | CVE-2023-6864 | Out-of-bounds Write vulnerability in multiple products. Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. | network | low complexity | mozilla debian CWE-787 | 8.8 |
| 2023-12-19 | CVE-2023-6865 | `EncryptingOutputStream` was susceptible to exposing uninitialized data. | network | low complexity | mozilla debian | 6.5 |
| 2023-12-19 | CVE-2023-6867 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products. The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. | network | low complexity | mozilla debian CWE-1021 | 6.1 |
| 2023-12-19 | CVE-2023-6873 | Out-of-bounds Write vulnerability in multiple products. Memory safety bugs present in Firefox 120. | network | low complexity | mozilla debian CWE-787 | 8.8 |
| 2023-12-19 | CVE-2023-6931 | Out-of-bounds Write vulnerability in multiple products. A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. | local | high complexity | linux debian CWE-787 | 7.0 |
| 2023-12-18 | CVE-2023-51384 | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. | local | low complexity | openbsd debian | 5.5 |
| 2023-12-18 | CVE-2023-51385 | OS Command Injection vulnerability in multiple products. In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. | network | low complexity | openbsd debian CWE-78 | 6.5 |
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. | | | | 5.9 |
| 2023-12-18 | CVE-2023-5115 | Path Traversal vulnerability in multiple products. An absolute path traversal attack exists in the Ansible automation platform. | network | low complexity | redhat debian CWE-22 | 6.3 |