Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-23 CVE-2023-4429 Use After Free vulnerability in multiple products
Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2023-08-23 CVE-2023-4430 Use After Free vulnerability in multiple products
Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2023-08-23 CVE-2023-4431 Out-of-bounds Read vulnerability in multiple products
Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-125
8.1
2023-08-22 CVE-2020-23804 Uncontrolled Recursion vulnerability in multiple products
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
network
low complexity
freedesktop debian CWE-674
7.5
2023-08-22 CVE-2022-44729 Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure.
local
low complexity
apache debian
7.1
2023-08-22 CVE-2022-48560 Use After Free vulnerability in multiple products
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
network
low complexity
python debian CWE-416
7.5
2023-08-20 CVE-2023-37369 In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
network
low complexity
qt debian
7.5
2023-08-15 CVE-2023-4349 Use After Free vulnerability in multiple products
Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
2023-08-15 CVE-2023-4351 Use After Free vulnerability in multiple products
Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
2023-08-15 CVE-2023-4352 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-843
8.8