Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-28 | CVE-2024-37371 | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. | 9.1 |
2024-01-18 | CVE-2023-6816 | Out-of-bounds Write vulnerability in multiple products A flaw was found in X.Org server. | 9.8 |
2023-11-29 | CVE-2023-6345 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. | 9.6 |
2023-11-11 | CVE-2023-46850 | Use After Free vulnerability in multiple products Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. | 9.8 |
2023-10-27 | CVE-2023-46604 | Deserialization of Untrusted Data vulnerability in multiple products The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |
2023-10-25 | CVE-2023-5730 | Out-of-bounds Write vulnerability in multiple products Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. | 9.8 |
2023-10-11 | CVE-2023-44981 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. | 9.1 |
2023-09-27 | CVE-2023-5176 | Out-of-bounds Write vulnerability in multiple products Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. | 9.8 |
2023-09-20 | CVE-2023-42464 | Type Confusion vulnerability in multiple products A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. | 9.8 |
2023-09-20 | CVE-2019-19450 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. | 9.8 |