Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-47606 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
GStreamer is a library for constructing graphs of media-handling components.
network
low complexity
gstreamer-project debian CWE-191
critical
 9.8
9.8
2024-10-09 CVE-2024-9680 Use After Free vulnerability in multiple products
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.
network
low complexity
mozilla debian CWE-416
critical
 9.8
9.8
2024-06-28 CVE-2024-37371 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
network
low complexity
mit debian
critical
 9.1
9.1
2024-02-11 CVE-2024-25714 Information Exposure Through Discrepancy vulnerability in multiple products
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures.
network
low complexity
rhonabwy-project debian CWE-203
critical
 9.8
9.8
2024-01-24 CVE-2024-0808 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file.
network
low complexity
debian google fedoraproject CWE-191
critical
 9.8
9.8
2024-01-18 CVE-2023-6816 Out-of-bounds Write vulnerability in multiple products
A flaw was found in X.Org server.
network
low complexity
x-org fedoraproject redhat debian CWE-787
critical
 9.8
9.8
2023-12-24 CVE-2023-51714 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2.
network
low complexity
debian qt CWE-190
critical
 9.8
9.8
2023-11-29 CVE-2023-6345 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.
network
low complexity
google debian fedoraproject microsoft CWE-190
critical
 9.6
9.6
2023-11-11 CVE-2023-46850 Use After Free vulnerability in multiple products
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
network
low complexity
openvpn debian fedoraproject CWE-416
critical
 9.8
9.8
2023-10-27 CVE-2023-46604 The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache debian netapp
critical
 9.8
9.8