Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-4863 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
| 2023-09-06 | CVE-2023-3777 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. | 7.8 |
| 2023-09-06 | CVE-2023-4015 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used. We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2. | 7.8 |
| 2023-09-06 | CVE-2023-4206 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. | 7.8 |
| 2023-09-06 | CVE-2023-4207 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. | 7.8 |
| 2023-09-06 | CVE-2023-4208 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. | 7.8 |
| 2023-09-06 | CVE-2023-4622 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. | 7.0 |
| 2023-09-05 | CVE-2023-4761 | Out-of-bounds Read vulnerability in multiple products Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. | 8.1 |
| 2023-09-05 | CVE-2023-4762 | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
| 2023-09-05 | CVE-2023-4763 | Use After Free vulnerability in multiple products Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |