Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-04 | CVE-2023-43804 | urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. | Debian_linux, Fedora, Urllib3 | 8.1 | ||
| 2023-12-08 | CVE-2023-45866 | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. | Ipados, Iphone_os, Macos, Ubuntu_linux, Debian_linux, Fedora, Android | 6.3 | ||
| 2024-02-20 | CVE-2024-1547 | Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | Debian_linux, Firefox, Thunderbird | 6.5 | ||
| 2024-02-20 | CVE-2024-1550 | A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | Debian_linux, Firefox, Thunderbird | 6.1 | ||
| 2024-02-20 | CVE-2024-1552 | Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | Debian_linux, Firefox, Thunderbird | 7.5 | ||
| 2023-08-22 | CVE-2020-35357 | A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. | Debian_linux, Gnu_scientific_library | 6.5 | ||
| 2024-04-16 | CVE-2024-21096 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized... | Debian_linux, Fedora, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | N/A | ||
| 2023-03-03 | CVE-2023-27561 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | Debian_linux, Runc, Enterprise_linux, Openshift_container_platform | 7.0 | ||
| 2024-04-16 | CVE-2024-21068 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for... | Debian_linux, Active_iq_unified_manager, Data_infrastructure_insights_acquisition_unit, Data_infrastructure_insights_storage_workload_security_agent, Oncommand_insight, Oncommand_workflow_automation, Graalvm, Graalvm_for_jdk, Jdk, Jre | N/A | ||
| 2023-07-20 | CVE-2023-34968 | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. | Debian_linux, Fedora, Enterprise_linux, Storage, Samba | 5.3 |