Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-18 | CVE-2023-51385 | OS Command Injection vulnerability in multiple products In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. | 6.5 |
2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead 9bis gentoo fedoraproject debian apple CWE-354 | 5.9 |
2023-12-18 | CVE-2023-5115 | Path Traversal vulnerability in multiple products An absolute path traversal attack exists in the Ansible automation platform. | 6.3 |
2023-12-12 | CVE-2023-42883 | The issue was addressed with improved memory handling. | 5.5 |
2023-12-08 | CVE-2023-45866 | Improper Authentication vulnerability in multiple products Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. | 6.3 |
2023-12-06 | CVE-2023-6511 | Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. | 4.3 |
2023-12-06 | CVE-2023-6512 | Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. | 6.5 |
2023-11-30 | CVE-2023-42916 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read was addressed with improved input validation. | 6.5 |
2023-11-21 | CVE-2023-6204 | Out-of-bounds Read vulnerability in multiple products On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. | 6.5 |
2023-11-21 | CVE-2023-6205 | Use After Free vulnerability in multiple products It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. | 6.5 |