Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-6377 Out-of-bounds Read vulnerability in multiple products
A flaw was found in xorg-server.
local
low complexity
redhat debian x-org tigervnc CWE-125
7.8
7.8
2023-12-13 CVE-2023-6478 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in xorg-server.
network
low complexity
x-org redhat debian tigervnc CWE-190
7.5
7.5
2023-12-11 CVE-2023-6185 Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
network
low complexity
libreoffice fedoraproject debian
8.8
8.8
2023-12-11 CVE-2023-6186 Improper Preservation of Permissions vulnerability in multiple products
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
network
low complexity
libreoffice fedoraproject debian CWE-281
8.8
8.8
2023-12-06 CVE-2023-6508 Use After Free vulnerability in multiple products
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-12-06 CVE-2023-6509 Use After Free vulnerability in multiple products
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction.
network
low complexity
debian fedoraproject google CWE-416
8.8
8.8
2023-12-06 CVE-2023-6510 Use After Free vulnerability in multiple products
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction.
network
low complexity
debian fedoraproject google CWE-416
8.8
8.8
2023-12-04 CVE-2023-40462 Reachable Assertion vulnerability in multiple products
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions.
network
low complexity
sierrawireless debian CWE-617
7.5
7.5
2023-11-30 CVE-2023-42917 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability was addressed with improved locking.
network
low complexity
apple debian fedoraproject webkitgtk CWE-787
8.8
8.8
2023-11-29 CVE-2023-6346 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8