Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-01 CVE-2023-5858 Origin Validation Error vulnerability in multiple products
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-346
4.3
2023-11-01 CVE-2023-5859 Origin Validation Error vulnerability in multiple products
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page.
network
low complexity
google debian fedoraproject CWE-346
4.3
2023-10-25 CVE-2023-5380 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the xorg-x11-server.
local
high complexity
x-org redhat fedoraproject debian CWE-416
4.7
2023-10-25 CVE-2023-41983 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The issue was addressed with improved memory handling.
network
low complexity
apple fedoraproject debian CWE-119
6.5
2023-10-25 CVE-2023-46316 In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.
local
low complexity
buc debian
5.5
2023-10-25 CVE-2023-5721 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.
network
low complexity
mozilla debian CWE-1021
4.3
2023-10-25 CVE-2023-5725 A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data.
network
low complexity
mozilla debian
4.3
2023-10-25 CVE-2023-5732 An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited.
network
low complexity
mozilla debian
6.5
2023-10-23 CVE-2023-45802 Improper Resource Shutdown or Release vulnerability in multiple products
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately.
network
high complexity
apache fedoraproject debian CWE-404
5.9
2023-10-18 CVE-2023-5631 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior.
network
low complexity
roundcube debian fedoraproject CWE-79
5.4