Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-4244 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.
local
high complexity
linux debian CWE-416
7.0
2023-09-06 CVE-2023-4622 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue.
local
high complexity
linux debian CWE-416
7.0
2023-09-06 CVE-2023-4623 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e.
local
low complexity
linux debian CWE-416
7.8
2023-09-05 CVE-2023-4761 Out-of-bounds Read vulnerability in multiple products
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-125
8.1
2023-09-05 CVE-2023-4762 Type Confusion vulnerability in multiple products
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
network
low complexity
google debian fedoraproject microsoft CWE-843
8.8
2023-09-05 CVE-2023-4763 Use After Free vulnerability in multiple products
Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
2023-09-05 CVE-2023-4781 Heap-based Buffer Overflow vulnerability in multiple products
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
local
low complexity
vim debian apple CWE-122
7.8
2023-09-05 CVE-2023-41909 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in FRRouting FRR through 9.0.
network
low complexity
frrouting debian fedoraproject CWE-476
7.5
2023-09-04 CVE-2023-4752 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
local
low complexity
vim fedoraproject debian apple CWE-416
7.8
2023-08-31 CVE-2023-39350 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
network
low complexity
freerdp debian fedoraproject CWE-191
7.5