Lucene search

K
DebianDebian Linux12.0

281 matches found

CVE
CVE
added 2023/10/11 11:15 p.m.214 views

CVE-2023-5484

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.00207EPSS
CVE
CVE
added 2023/07/20 3:15 p.m.213 views

CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. ...

5.3CVSS6.5AI score0.18572EPSS
CVE
CVE
added 2023/09/12 9:15 p.m.213 views

CVE-2023-4901

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.9AI score0.00228EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.213 views

CVE-2023-5218

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS8.8AI score0.00258EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.213 views

CVE-2023-5486

Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00176EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.211 views

CVE-2023-5176

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR...

9.8CVSS9.8AI score0.00561EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.211 views

CVE-2023-5480

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)

6.1CVSS6.1AI score0.0015EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.208 views

CVE-2023-2124

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

7.8CVSS7.6AI score0.00019EPSS
CVE
CVE
added 2023/10/27 5:15 a.m.208 views

CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate thei...

7.5CVSS7.3AI score0.00045EPSS
CVE
CVE
added 2023/08/14 3:15 a.m.208 views

CVE-2023-40283

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

7.8CVSS7.5AI score0.0001EPSS
CVE
CVE
added 2023/04/24 6:15 a.m.207 views

CVE-2023-31084

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event...

5.5CVSS6.6AI score0.00008EPSS
CVE
CVE
added 2023/08/07 2:15 p.m.203 views

CVE-2023-4147

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

7.8CVSS7.7AI score0.00161EPSS
CVE
CVE
added 2023/08/15 6:15 p.m.202 views

CVE-2023-4361

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

5.3CVSS5.4AI score0.0004EPSS
CVE
CVE
added 2023/07/03 1:15 p.m.200 views

CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

7.5CVSS7.1AI score0.02296EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.198 views

CVE-2023-5171

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

6.5CVSS7.3AI score0.00267EPSS
CVE
CVE
added 2023/10/25 8:15 p.m.197 views

CVE-2023-5367

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for...

7.8CVSS8.2AI score0.00066EPSS
CVE
CVE
added 2023/09/05 10:15 p.m.196 views

CVE-2023-4763

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00354EPSS
CVE
CVE
added 2023/06/07 3:15 a.m.195 views

CVE-2023-0666

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

6.5CVSS7AI score0.00919EPSS
CVE
CVE
added 2023/04/11 9:15 p.m.194 views

CVE-2023-1989

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

7.1CVSS6.9AI score0.00016EPSS
CVE
CVE
added 2023/07/20 3:15 p.m.192 views

CVE-2022-2127

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manag...

5.9CVSS6.7AI score0.01247EPSS
CVE
CVE
added 2023/06/13 6:15 p.m.192 views

CVE-2023-3217

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.17398EPSS
CVE
CVE
added 2023/10/25 8:15 p.m.192 views

CVE-2023-5380

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the othe...

4.7CVSS6.4AI score0.00082EPSS
CVE
CVE
added 2023/08/15 6:15 p.m.191 views

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.8AI score0.54674EPSS
CVE
CVE
added 2023/08/15 6:15 p.m.189 views

CVE-2023-4349

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.01463EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.187 views

CVE-2023-5169

A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

6.5CVSS7.2AI score0.00267EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.185 views

CVE-2023-5849

Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00557EPSS
CVE
CVE
added 2023/10/12 5:15 p.m.182 views

CVE-2023-45133

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely...

9.3CVSS9.1AI score0.00067EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.182 views

CVE-2023-5859

Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00636EPSS
CVE
CVE
added 2023/07/24 11:15 a.m.180 views

CVE-2023-3417

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerab...

7.5CVSS7.9AI score0.00161EPSS
CVE
CVE
added 2023/04/25 9:15 p.m.179 views

CVE-2023-2269

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.

4.4CVSS6AI score0.0002EPSS
CVE
CVE
added 2023/12/13 7:15 a.m.178 views

CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

7.8CVSS8.3AI score0.00423EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.177 views

CVE-2023-5856

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.8AI score0.00557EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.175 views

CVE-2023-5855

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

8.8CVSS8.9AI score0.00557EPSS
CVE
CVE
added 2023/06/16 7:15 p.m.174 views

CVE-2023-3268

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.

7.1CVSS6.8AI score0.00006EPSS
CVE
CVE
added 2023/08/28 10:15 p.m.172 views

CVE-2023-4569

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.

5.5CVSS5.9AI score0.00008EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.172 views

CVE-2023-5858

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00672EPSS
CVE
CVE
added 2023/09/12 9:15 p.m.171 views

CVE-2023-4905

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.2AI score0.00228EPSS
CVE
CVE
added 2023/10/25 6:17 p.m.171 views

CVE-2023-5472

Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00704EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.171 views

CVE-2023-5852

Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

8.8CVSS8.9AI score0.00557EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.171 views

CVE-2023-5853

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS5AI score0.00442EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.170 views

CVE-2023-5482

Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.9AI score0.08206EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.170 views

CVE-2023-5857

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)

8.8CVSS8.4AI score0.01501EPSS
CVE
CVE
added 2023/09/28 4:15 p.m.169 views

CVE-2023-5187

Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00182EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.169 views

CVE-2023-5854

Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

8.8CVSS8.9AI score0.00557EPSS
CVE
CVE
added 2023/06/28 8:15 p.m.166 views

CVE-2023-3090

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled....

7.8CVSS7.9AI score0.00012EPSS
CVE
CVE
added 2023/11/01 6:15 p.m.166 views

CVE-2023-5851

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.9AI score0.00301EPSS
CVE
CVE
added 2023/09/28 4:15 p.m.165 views

CVE-2023-5186

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)

8.8CVSS8.8AI score0.01006EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.162 views

CVE-2023-5476

Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.8AI score0.00585EPSS
CVE
CVE
added 2023/09/12 9:15 p.m.161 views

CVE-2023-4900

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.3AI score0.00176EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.161 views

CVE-2023-5474

Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS8.6AI score0.00663EPSS
Total number of security vulnerabilities281