Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-4764 | Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2023-08-28 | CVE-2023-4569 | Memory Leak vulnerability in multiple products A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. | 5.5 |
| 2023-08-25 | CVE-2023-41080 | Open Redirect vulnerability in multiple products URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. | 6.1 |
| 2023-08-25 | CVE-2023-40577 | Cross-site Scripting vulnerability in multiple products Alertmanager handles alerts sent by client applications such as the Prometheus server. | 5.4 |
| 2023-08-22 | CVE-2020-19189 | Out-of-bounds Write vulnerability in multiple products Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 |
| 2023-08-22 | CVE-2020-22217 | Out-of-bounds Read vulnerability in multiple products Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. | 5.9 |
| 2023-08-22 | CVE-2020-35357 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. | 6.5 |
| 2023-08-22 | CVE-2022-37050 | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. | 6.5 |
| 2023-08-22 | CVE-2022-37051 | Reachable Assertion vulnerability in multiple products An issue was discovered in Poppler 22.07.0. | 6.5 |
| 2023-08-22 | CVE-2022-44730 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. | 4.4 |