Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2023-43770 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
network
low complexity
roundcube debian CWE-79
6.1
2023-09-09 CVE-2023-4874 NULL Pointer Dereference vulnerability in multiple products
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12
network
low complexity
mutt debian CWE-476
6.5
2023-09-09 CVE-2023-4875 NULL Pointer Dereference vulnerability in multiple products
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12
network
low complexity
mutt debian CWE-476
5.7
2023-09-05 CVE-2023-4764 Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google debian
6.5
2023-08-15 CVE-2023-4350 Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google debian fedoraproject
6.5
2023-08-15 CVE-2023-4359 Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page.
network
low complexity
google debian fedoraproject
5.3
2023-08-15 CVE-2023-4360 Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
network
low complexity
google debian fedoraproject
4.3
2023-08-15 CVE-2023-4361 Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject
5.3
2023-08-15 CVE-2023-4363 Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page.
network
low complexity
google debian fedoraproject
4.3
2023-08-15 CVE-2023-4364 Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
network
low complexity
google debian fedoraproject
4.3