Lucene search

K
DebianDebian Linux12.0

281 matches found

CVE
CVE
added 2023/12/06 2:15 a.m.79 views

CVE-2023-6511

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00133EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.79 views

CVE-2023-6859

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8.8CVSS8.3AI score0.00343EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.79 views

CVE-2023-6864

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thund...

8.8CVSS9.2AI score0.00414EPSS
CVE
CVE
added 2023/07/05 9:15 a.m.77 views

CVE-2023-37208

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

7.8CVSS7.5AI score0.00038EPSS
CVE
CVE
added 2024/11/10 10:15 p.m.77 views

CVE-2024-46953

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

7.8CVSS7.2AI score0.00062EPSS
CVE
CVE
added 2023/05/26 10:15 p.m.76 views

CVE-2023-2898

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.

4.7CVSS5.9AI score0.00021EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.76 views

CVE-2023-50762

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a diffe...

4.3CVSS5.6AI score0.00288EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.76 views

CVE-2023-6865

EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

6.5CVSS6.4AI score0.00348EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.72 views

CVE-2023-50761

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be us...

4.3CVSS5.6AI score0.00288EPSS
CVE
CVE
added 2023/05/09 4:15 p.m.71 views

CVE-2023-31490

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.

7.5CVSS7.1AI score0.03813EPSS
CVE
CVE
added 2023/05/03 12:16 p.m.70 views

CVE-2022-40302

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent...

6.5CVSS6.4AI score0.00159EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.70 views

CVE-2023-6867

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability...

6.1CVSS6.3AI score0.00813EPSS
CVE
CVE
added 2023/10/09 5:15 a.m.69 views

CVE-2023-45364

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp,...

5.3CVSS5.3AI score0.00071EPSS
CVE
CVE
added 2023/11/11 1:15 a.m.69 views

CVE-2023-46849

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

7.5CVSS8AI score0.00311EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.69 views

CVE-2023-6873

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

8.8CVSS8.9AI score0.00353EPSS
CVE
CVE
added 2023/04/03 4:15 p.m.68 views

CVE-2022-36440

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.

7.5CVSS7.3AI score0.00201EPSS
CVE
CVE
added 2023/06/14 8:15 a.m.65 views

CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: fr...

7.5CVSS7.3AI score0.00426EPSS
CVE
CVE
added 2024/02/11 3:15 a.m.63 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)

9.8CVSS6.5AI score0.00188EPSS
CVE
CVE
added 2024/11/10 10:15 p.m.63 views

CVE-2024-46952

An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).

8.4CVSS6.9AI score0.00026EPSS
CVE
CVE
added 2024/11/10 10:15 p.m.63 views

CVE-2024-46955

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.

5.5CVSS6.4AI score0.00051EPSS
CVE
CVE
added 2023/05/03 12:16 p.m.59 views

CVE-2022-43681

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT s...

6.5CVSS6.8AI score0.00159EPSS
CVE
CVE
added 2023/10/09 5:15 a.m.57 views

CVE-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and con...

7.5CVSS7.1AI score0.11025EPSS
CVE
CVE
added 2023/06/14 8:15 a.m.54 views

CVE-2022-47184

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.

7.5CVSS7.3AI score0.00157EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.52 views

CVE-2023-39945

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled BadParamException in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2...

8.2CVSS7.6AI score0.00067EPSS
CVE
CVE
added 2023/05/03 12:16 p.m.48 views

CVE-2022-40318

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent...

6.5CVSS6.4AI score0.00159EPSS
CVE
CVE
added 2023/04/06 5:15 a.m.43 views

CVE-2023-29415

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

6.5CVSS6.9AI score0.00116EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.43 views

CVE-2023-39949

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9...

7.5CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.41 views

CVE-2023-39947

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed PID_PROPERTY_LIST parameters cause heap overflow at a different program counter. Th...

8.2CVSS7.8AI score0.00081EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.40 views

CVE-2023-39534

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue...

7.5CVSS7.4AI score0.00068EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.39 views

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of ac...

8.2CVSS7.6AI score0.00066EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.34 views

CVE-2023-39948

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain...

7.5CVSS7.4AI score0.00095EPSS
Total number of security vulnerabilities281