Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-6863 The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.
network
low complexity
mozilla debian
8.8
2023-12-19 CVE-2023-6864 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6873 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 120.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6931 Out-of-bounds Write vulnerability in multiple products
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
local
high complexity
linux debian CWE-787
7.0
2023-12-13 CVE-2023-6377 Out-of-bounds Read vulnerability in multiple products
A flaw was found in xorg-server.
local
low complexity
redhat debian x-org tigervnc CWE-125
7.8
2023-12-13 CVE-2023-6478 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in xorg-server.
network
low complexity
x-org redhat debian tigervnc CWE-190
7.5
2023-12-11 CVE-2023-6185 Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
network
low complexity
libreoffice fedoraproject debian
8.8
2023-12-11 CVE-2023-6186 Improper Preservation of Permissions vulnerability in multiple products
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
network
low complexity
libreoffice fedoraproject debian CWE-281
8.8
2023-12-06 CVE-2023-6508 Use After Free vulnerability in multiple products
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
2023-12-06 CVE-2023-6509 Use After Free vulnerability in multiple products
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction.
network
low complexity
debian fedoraproject google CWE-416
8.8