Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-20 | CVE-2023-42464 | A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully... | Debian_linux, Netatalk | 9.8 | ||
| 2023-09-25 | CVE-2023-42753 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | Debian_linux, Linux_kernel, Enterprise_linux | 7.8 | ||
| 2023-09-27 | CVE-2023-41074 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | Ipados, Iphone_os, Macos, Safari, Tvos, Watchos, Debian_linux, Fedora | 8.8 | ||
| 2023-09-27 | CVE-2023-5169 | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | Debian_linux, Fedora, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2023-09-27 | CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | Debian_linux, Fedora, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2023-09-28 | CVE-2023-42756 | A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. | Debian_linux, Fedora, Linux_kernel, Enterprise_linux | 4.7 | ||
| 2023-09-28 | CVE-2023-5186 | Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.8 | ||
| 2023-09-28 | CVE-2023-5187 | Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.8 | ||
| 2023-09-30 | CVE-2023-44488 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | Debian_linux, Fedora, Enterprise_linux, Libvpx | 7.5 | ||
| 2023-10-05 | CVE-2023-42755 | A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service. | Debian_linux, Linux_kernel, Enterprise_linux | 5.5 |