Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2023-1811 Use After Free vulnerability in multiple products
Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2023-04-04 CVE-2023-1812 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8
2023-04-04 CVE-2023-1815 Use After Free vulnerability in multiple products
Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2023-04-04 CVE-2023-1818 Use After Free vulnerability in multiple products
Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2023-04-04 CVE-2023-1820 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8
2023-04-03 CVE-2022-36440 Reachable Assertion vulnerability in multiple products
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function.
network
low complexity
frrouting fedoraproject debian CWE-617
7.5
2023-03-27 CVE-2023-1077 Type Confusion vulnerability in multiple products
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
local
high complexity
linux debian netapp CWE-843
7.0
2023-03-27 CVE-2023-1380 Out-of-bounds Read vulnerability in multiple products
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel.
local
low complexity
redhat linux netapp debian canonical CWE-125
7.1
2023-03-24 CVE-2023-28686 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message.
network
low complexity
dino fedoraproject debian CWE-639
7.1
2023-03-21 CVE-2022-42332 Use After Free vulnerability in multiple products
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode.
local
low complexity
xen debian fedoraproject CWE-416
7.8