Lucene search

K
DebianDebian Linux12.0

281 matches found

CVE
CVE
added 2023/08/15 6:15 p.m.104 views

CVE-2023-4358

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.8AI score0.01137EPSS
CVE
CVE
added 2023/05/26 9:15 p.m.103 views

CVE-2023-2856

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

6.5CVSS6.2AI score0.00024EPSS
CVE
CVE
added 2023/08/15 6:15 p.m.102 views

CVE-2023-4365

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.9AI score0.00254EPSS
CVE
CVE
added 2023/12/11 12:15 p.m.102 views

CVE-2023-6186

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the ...

8.8CVSS8.8AI score0.01179EPSS
CVE
CVE
added 2023/07/05 9:15 a.m.101 views

CVE-2023-37201

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

8.8CVSS8.1AI score0.00486EPSS
CVE
CVE
added 2023/07/22 5:15 p.m.101 views

CVE-2023-38633

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

5.5CVSS5.1AI score0.33554EPSS
CVE
CVE
added 2023/07/05 9:15 a.m.100 views

CVE-2023-37202

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

8.8CVSS8AI score0.0038EPSS
CVE
CVE
added 2023/11/29 12:15 p.m.100 views

CVE-2023-6347

Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9AI score0.00391EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.99 views

CVE-2023-6204

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

6.5CVSS6.7AI score0.00303EPSS
CVE
CVE
added 2023/04/12 9:15 p.m.97 views

CVE-2023-1993

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

6.5CVSS6.8AI score0.0006EPSS
CVE
CVE
added 2023/08/15 6:15 p.m.97 views

CVE-2023-4364

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.9AI score0.00254EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.97 views

CVE-2023-6857

When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary.This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115...

5.3CVSS6.2AI score0.00235EPSS
CVE
CVE
added 2023/05/30 11:15 p.m.96 views

CVE-2023-2952

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

6.5CVSS6.5AI score0.00009EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.95 views

CVE-2023-6207

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

8.8CVSS8.2AI score0.00464EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.95 views

CVE-2023-6208

When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.This bug only affects Firefox on X11. Other systems are unaffected. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0...

8.8CVSS8AI score0.00427EPSS
CVE
CVE
added 2023/10/06 4:15 p.m.94 views

CVE-2023-39928

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

8.8CVSS9.3AI score0.00164EPSS
CVE
CVE
added 2023/09/06 2:15 p.m.94 views

CVE-2023-4015

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactiv...

7.8CVSS7.6AI score0.00017EPSS
CVE
CVE
added 2023/11/11 1:15 a.m.94 views

CVE-2023-46850

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

9.8CVSS9.6AI score0.02162EPSS
CVE
CVE
added 2023/10/25 6:17 p.m.93 views

CVE-2023-46316

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

5.5CVSS5.3AI score0.00042EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.93 views

CVE-2023-6206

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox <...

5.4CVSS6.2AI score0.00488EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.93 views

CVE-2023-6856

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firef...

8.8CVSS8.7AI score0.08516EPSS
CVE
CVE
added 2023/08/15 6:15 p.m.92 views

CVE-2023-4363

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2023/05/26 9:15 p.m.91 views

CVE-2023-2855

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

6.5CVSS6.2AI score0.00032EPSS
CVE
CVE
added 2023/08/15 6:15 p.m.91 views

CVE-2023-4356

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.8AI score0.01137EPSS
CVE
CVE
added 2023/04/12 9:15 p.m.90 views

CVE-2023-1992

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

7.5CVSS7.4AI score0.0018EPSS
CVE
CVE
added 2023/12/12 1:15 a.m.90 views

CVE-2023-42883

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

5.5CVSS5.7AI score0.00022EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.90 views

CVE-2023-6205

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

6.5CVSS6.8AI score0.00473EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.90 views

CVE-2023-6212

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR...

8.8CVSS9.2AI score0.0034EPSS
CVE
CVE
added 2023/12/06 2:15 a.m.90 views

CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

6.5CVSS6.2AI score0.00309EPSS
CVE
CVE
added 2023/04/12 10:15 p.m.89 views

CVE-2023-1994

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

6.5CVSS6.7AI score0.00202EPSS
CVE
CVE
added 2023/12/06 2:15 a.m.89 views

CVE-2023-6509

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)

8.8CVSS8.8AI score0.00764EPSS
CVE
CVE
added 2024/11/10 10:15 p.m.89 views

CVE-2024-46956

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

7.8CVSS7.2AI score0.00184EPSS
CVE
CVE
added 2023/07/05 10:15 a.m.88 views

CVE-2023-37211

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox E...

8.8CVSS9.1AI score0.00332EPSS
CVE
CVE
added 2023/08/15 6:15 p.m.87 views

CVE-2023-4367

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.4AI score0.00058EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.86 views

CVE-2023-6860

The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

6.5CVSS6.8AI score0.00411EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.86 views

CVE-2023-6862

A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.

8.8CVSS8.3AI score0.00337EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.85 views

CVE-2023-6858

Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8.8CVSS8.4AI score0.00381EPSS
CVE
CVE
added 2023/05/26 9:15 p.m.84 views

CVE-2023-2854

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

6.5CVSS6.3AI score0.00032EPSS
CVE
CVE
added 2023/12/06 2:15 a.m.84 views

CVE-2023-6510

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

8.8CVSS8.8AI score0.01042EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.84 views

CVE-2023-6861

The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8.8CVSS8.4AI score0.00435EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.84 views

CVE-2023-6863

The ShutdownObserver() was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8.8CVSS8.1AI score0.00424EPSS
CVE
CVE
added 2024/11/10 9:15 p.m.84 views

CVE-2024-46951

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.

7.8CVSS7.1AI score0.00062EPSS
CVE
CVE
added 2023/03/24 4:15 a.m.83 views

CVE-2023-28686

Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information...

7.1CVSS6.5AI score0.00104EPSS
CVE
CVE
added 2023/11/29 12:15 p.m.83 views

CVE-2023-6351

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

8.8CVSS9AI score0.00294EPSS
CVE
CVE
added 2023/11/29 12:15 p.m.82 views

CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

8.8CVSS9AI score0.01271EPSS
CVE
CVE
added 2023/11/06 12:15 a.m.81 views

CVE-2023-47272

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).

6.1CVSS5.7AI score0.00425EPSS
CVE
CVE
added 2023/11/29 12:15 p.m.81 views

CVE-2023-6346

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9AI score0.00378EPSS
CVE
CVE
added 2023/11/29 12:15 p.m.80 views

CVE-2023-6348

Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.00424EPSS
CVE
CVE
added 2023/07/05 9:15 a.m.79 views

CVE-2023-37207

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird &lt...

6.5CVSS6.5AI score0.00323EPSS
CVE
CVE
added 2023/09/09 10:15 p.m.79 views

CVE-2023-41915

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

8.1CVSS7.9AI score0.01033EPSS
Total number of security vulnerabilities281