Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-3341 Out-of-bounds Write vulnerability in multiple products
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing.
network
low complexity
isc fedoraproject debian CWE-787
7.5
2023-09-20 CVE-2023-4236 Reachable Assertion vulnerability in multiple products
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure.
network
low complexity
isc fedoraproject debian netapp CWE-617
7.5
2023-09-12 CVE-2023-4921 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
local
low complexity
linux debian CWE-416
7.8
2023-09-12 CVE-2023-4863 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
8.8
2023-09-09 CVE-2023-41915 Race Condition vulnerability in multiple products
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.
network
high complexity
openpmix fedoraproject debian CWE-362
8.1
2023-09-06 CVE-2023-3777 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
local
low complexity
linux debian canonical CWE-416
7.8
2023-09-06 CVE-2023-4015 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used. We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.
local
low complexity
linux debian CWE-416
7.8
2023-09-06 CVE-2023-4206 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter.
local
low complexity
linux debian CWE-416
7.8
2023-09-06 CVE-2023-4207 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter.
local
low complexity
linux debian CWE-416
7.8
2023-09-06 CVE-2023-4208 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter.
local
low complexity
linux debian CWE-416
7.8