Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-35001 Out-of-bounds Write vulnerability in multiple products
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
local
low complexity
linux debian fedoraproject netapp CWE-787
7.8
2023-07-05 CVE-2023-37211 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12.
network
low complexity
mozilla debian CWE-787
8.8
2023-07-05 CVE-2023-37201 Use After Free vulnerability in multiple products
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37202 Use After Free vulnerability in multiple products
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37208 When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
local
low complexity
mozilla debian
7.8
2023-07-03 CVE-2023-36053 In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
network
low complexity
djangoproject debian fedoraproject
7.5
2023-06-28 CVE-2023-3090 Out-of-bounds Write vulnerability in multiple products
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver.
local
low complexity
linux debian CWE-787
7.8
2023-06-28 CVE-2023-3389 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).
local
low complexity
linux canonical debian CWE-416
7.8
2023-06-26 CVE-2023-3420 Type Confusion vulnerability in multiple products
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-843
8.8
2023-06-26 CVE-2023-3421 Use After Free vulnerability in multiple products
Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8