Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-13 | CVE-2023-6377 | Out-of-bounds Read vulnerability in multiple products A flaw was found in xorg-server. | 7.8 |
2023-12-13 | CVE-2023-6478 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in xorg-server. | 7.5 |
2023-12-11 | CVE-2023-6185 | Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. | 8.8 |
2023-12-11 | CVE-2023-6186 | Improper Preservation of Permissions vulnerability in multiple products Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. | 8.8 |
2023-12-06 | CVE-2023-6508 | Use After Free vulnerability in multiple products Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-12-06 | CVE-2023-6509 | Use After Free vulnerability in multiple products Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. | 8.8 |
2023-12-06 | CVE-2023-6510 | Use After Free vulnerability in multiple products Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. | 8.8 |
2023-12-04 | CVE-2023-40462 | Reachable Assertion vulnerability in multiple products The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. | 7.5 |
2023-11-30 | CVE-2023-42917 | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability was addressed with improved locking. | 8.8 |
2023-11-29 | CVE-2023-6346 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |