Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-28 CVE-2024-37371 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
network
low complexity
mit debian
critical
9.1
2024-02-11 CVE-2024-25714 Information Exposure Through Discrepancy vulnerability in multiple products
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures.
network
low complexity
rhonabwy-project debian CWE-203
critical
9.8
2024-01-18 CVE-2023-6816 Out-of-bounds Write vulnerability in multiple products
A flaw was found in X.Org server.
network
low complexity
x-org fedoraproject redhat debian CWE-787
critical
9.8
2023-11-29 CVE-2023-6345 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.
network
low complexity
google debian fedoraproject microsoft CWE-190
critical
9.6
2023-11-11 CVE-2023-46850 Use After Free vulnerability in multiple products
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
network
low complexity
openvpn debian fedoraproject CWE-416
critical
9.8
2023-10-27 CVE-2023-46604 Deserialization of Untrusted Data vulnerability in multiple products
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache debian netapp CWE-502
critical
9.8
2023-10-25 CVE-2023-5730 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-10-11 CVE-2023-44981 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper.
network
low complexity
apache debian CWE-639
critical
9.1
2023-09-27 CVE-2023-5176 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-09-20 CVE-2023-42464 Type Confusion vulnerability in multiple products
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17.
network
low complexity
netatalk debian CWE-843
critical
9.8