Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2023-3823 XXE vulnerability in multiple products
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded.
network
low complexity
php fedoraproject debian CWE-611
7.5
2023-08-11 CVE-2022-38076 Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel fedoraproject debian
7.8
2023-08-07 CVE-2023-4147 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID.
local
low complexity
linux fedoraproject redhat debian CWE-416
7.8
2023-08-03 CVE-2023-4073 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-119
8.8
2023-08-01 CVE-2023-4055 When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state.
network
low complexity
mozilla debian
7.5
2023-08-01 CVE-2023-4047 A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.
network
low complexity
mozilla debian
8.8
2023-08-01 CVE-2023-4048 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations.
network
low complexity
mozilla debian CWE-125
7.5
2023-08-01 CVE-2023-4050 Out-of-bounds Write vulnerability in multiple products
In some cases, an untrusted input stream was copied to a stack buffer without checking its size.
network
low complexity
mozilla debian CWE-787
7.5
2023-07-31 CVE-2023-4004 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END.
7.8
2023-07-29 CVE-2022-4907 Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google fedoraproject debian
8.8