Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-04 | CVE-2023-1822 | Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
2023-04-04 | CVE-2023-1823 | Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |
2023-03-31 | CVE-2023-28755 | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. | 5.3 |
2023-03-31 | CVE-2023-28756 | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. | 5.3 |
2023-03-30 | CVE-2023-27535 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. | 5.9 |
2023-03-30 | CVE-2023-27536 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. | 5.9 |
2023-03-30 | CVE-2023-27538 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. | 5.5 |
2023-03-21 | CVE-2022-42334 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 6.5 |
2023-03-06 | CVE-2023-0330 | Out-of-bounds Write vulnerability in multiple products A vulnerability in the lsi53c895a device affects the latest version of qemu. | 6.0 |
2023-03-01 | CVE-2023-24751 | NULL Pointer Dereference vulnerability in multiple products libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. | 6.5 |