Lucene search

K
DebianDebian Linux12.0

281 matches found

CVE
CVE
added 2023/08/08 6:15 p.m.359 views

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

4.7CVSS6.6AI score0.0065EPSS
CVE
CVE
added 2023/07/25 4:15 p.m.359 views

CVE-2023-3772

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.

5.5CVSS6.1AI score0.0001EPSS
CVE
CVE
added 2023/10/10 6:15 p.m.346 views

CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error couldcause Tomcat to skip some parts of the recycling pr...

5.3CVSS6.6AI score0.0051EPSS
CVE
CVE
added 2023/08/01 3:15 p.m.345 views

CVE-2023-4048

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

7.5CVSS8AI score0.00386EPSS
CVE
CVE
added 2023/09/05 10:15 p.m.339 views

CVE-2023-4762

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.11497EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.331 views

CVE-2023-5485

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00036EPSS
CVE
CVE
added 2023/08/08 6:15 p.m.328 views

CVE-2023-20588

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

5.5CVSS6.9AI score0.03997EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.327 views

CVE-2023-22006

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle Graa...

3.1CVSS4.2AI score0.00123EPSS
CVE
CVE
added 2023/10/10 7:15 p.m.323 views

CVE-2023-45648

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A speciallycrafted, invalid trailer header could cause Tomcat t...

5.3CVSS6.6AI score0.00732EPSS
CVE
CVE
added 2023/11/30 11:15 p.m.322 views

CVE-2023-42916

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions...

6.5CVSS6.7AI score0.00047EPSS
CVE
CVE
added 2023/08/11 3:15 a.m.318 views

CVE-2023-23908

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

6CVSS4.8AI score0.00012EPSS
CVE
CVE
added 2023/07/24 3:15 p.m.315 views

CVE-2023-3863

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.

6.4CVSS5.8AI score0.00007EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.313 views

CVE-2023-22041

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Or...

5.1CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2023/08/01 3:15 p.m.307 views

CVE-2023-4047

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

8.8CVSS8.6AI score0.00437EPSS
CVE
CVE
added 2023/08/11 3:15 a.m.302 views

CVE-2022-41804

Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

7.2CVSS6.5AI score0.00015EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.302 views

CVE-2023-22036

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM...

3.7CVSS4.6AI score0.00059EPSS
CVE
CVE
added 2023/08/01 3:15 p.m.300 views

CVE-2023-4046

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

5.3CVSS6.9AI score0.00229EPSS
CVE
CVE
added 2023/07/24 8:15 p.m.297 views

CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

5.5CVSS7.2AI score0.0632EPSS
CVE
CVE
added 2023/08/23 12:15 a.m.297 views

CVE-2023-4430

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.11354EPSS
CVE
CVE
added 2023/10/25 7:15 p.m.296 views

CVE-2023-42852

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.01987EPSS
CVE
CVE
added 2023/08/11 1:15 p.m.293 views

CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with dat...

8.8CVSS8.8AI score0.00509EPSS
CVE
CVE
added 2023/08/01 3:15 p.m.291 views

CVE-2023-4045

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

5.3CVSS6.8AI score0.00273EPSS
CVE
CVE
added 2023/10/25 7:15 p.m.289 views

CVE-2023-41983

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.

6.5CVSS6.2AI score0.01016EPSS
CVE
CVE
added 2023/08/23 12:15 a.m.289 views

CVE-2023-4429

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00392EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.289 views

CVE-2023-5483

Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.00073EPSS
CVE
CVE
added 2023/08/01 4:15 p.m.288 views

CVE-2023-4055

When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < ...

7.5CVSS7.9AI score0.00298EPSS
CVE
CVE
added 2023/08/03 1:15 a.m.286 views

CVE-2023-4073

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00591EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.286 views

CVE-2023-41074

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.0123EPSS
CVE
CVE
added 2023/08/01 4:15 p.m.283 views

CVE-2023-4056

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabili...

9.8CVSS10AI score0.00561EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.282 views

CVE-2023-5481

Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.00103EPSS
CVE
CVE
added 2023/08/03 3:15 p.m.278 views

CVE-2023-4132

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.

5.5CVSS6.3AI score0.00011EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.277 views

CVE-2023-5477

Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)

4.3CVSS5AI score0.00023EPSS
CVE
CVE
added 2023/07/20 3:15 p.m.276 views

CVE-2023-34966

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like st...

7.5CVSS7.4AI score0.13804EPSS
CVE
CVE
added 2023/08/01 3:15 p.m.275 views

CVE-2023-4049

Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

5.9CVSS7.5AI score0.00338EPSS
CVE
CVE
added 2023/08/11 1:15 p.m.274 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

4.3CVSS6AI score0.00439EPSS
CVE
CVE
added 2023/08/01 3:15 p.m.274 views

CVE-2023-4050

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

7.5CVSS8.2AI score0.08684EPSS
CVE
CVE
added 2023/09/06 2:15 p.m.265 views

CVE-2023-4207

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when upd...

7.8CVSS7.7AI score0.00024EPSS
CVE
CVE
added 2023/08/09 3:15 p.m.264 views

CVE-2023-4273

A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name...

6.7CVSS6.6AI score0.00043EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.256 views

CVE-2023-5479

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.4AI score0.00033EPSS
CVE
CVE
added 2025/06/30 9:15 p.m.254 views

CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

9.3CVSS6.6AI score0.00254EPSS
CVE
CVE
added 2023/11/08 8:15 p.m.247 views

CVE-2023-5996

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00343EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.244 views

CVE-2023-5478

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.8AI score0.00104EPSS
CVE
CVE
added 2023/09/06 2:15 p.m.243 views

CVE-2023-4208

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when u...

7.8CVSS7.7AI score0.00022EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.242 views

CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)

6.5CVSS6.5AI score0.00029EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.229 views

CVE-2023-6209

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbi...

6.5CVSS6.9AI score0.00431EPSS
CVE
CVE
added 2023/08/29 8:15 p.m.224 views

CVE-2023-4572

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00388EPSS
CVE
CVE
added 2023/06/16 9:15 p.m.221 views

CVE-2023-35788

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

7.8CVSS7.7AI score0.00009EPSS
CVE
CVE
added 2023/07/20 3:15 p.m.218 views

CVE-2023-34968

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the inform...

5.3CVSS5.7AI score0.02016EPSS
CVE
CVE
added 2023/08/29 4:15 a.m.218 views

CVE-2023-41358

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

7.5CVSS8.1AI score0.00294EPSS
CVE
CVE
added 2023/03/06 9:15 p.m.216 views

CVE-2023-1161

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file

7.1CVSS6.8AI score0.00107EPSS
Total number of security vulnerabilities281