Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-6204 Out-of-bounds Read vulnerability in multiple products
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element.
network
low complexity
mozilla debian CWE-125
6.5
2023-11-21 CVE-2023-6205 Use After Free vulnerability in multiple products
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash.
network
low complexity
mozilla debian CWE-416
6.5
2023-11-21 CVE-2023-6206 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts.
network
low complexity
mozilla debian CWE-1021
5.4
2023-11-21 CVE-2023-6207 Use After Free vulnerability in multiple products
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
network
low complexity
mozilla debian CWE-416
8.8
2023-11-21 CVE-2023-6208 When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11.
network
low complexity
mozilla debian
8.8
2023-11-21 CVE-2023-6209 Path Traversal vulnerability in multiple products
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host.
network
low complexity
mozilla debian CWE-22
6.5
2023-11-21 CVE-2023-6212 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.
network
low complexity
mozilla debian CWE-787
8.8
2023-11-16 CVE-2023-6174 Injection vulnerability in multiple products
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian CWE-74
6.5
2023-11-15 CVE-2023-5997 Use After Free vulnerability in multiple products
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2023-11-15 CVE-2023-6112 Use After Free vulnerability in multiple products
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8