Debian Security Vulnerabilities (CVEs)

This CVE describes an infinite loop vulnerability in Samba's mdssvc RPC service for Spotlight. Attackers can send specially crafted RPC packets with a...

This vulnerability in the Linux kernel's nftables subsystem allows local users with CAP_NET_ADMIN capability to trigger out-of-bounds read/write opera...

This CVE-2023-31248 is a use-after-free vulnerability in the Linux kernel's nftables subsystem that allows local attackers to escalate privileges. The...

This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers...

Firefox and Thunderbird failed to warn users when opening Diagcab files, which could contain malicious code. This vulnerability allows attackers to ex...

This vulnerability allows an attacker to trigger a use-after-free condition when establishing a WebRTC connection over HTTPS, potentially leading to a...

This CVE describes a heap out-of-bounds write vulnerability in the Linux Kernel's ipvlan network driver that allows local attackers to escalate privil...

This is a type confusion vulnerability in Chrome's V8 JavaScript engine that could allow an attacker to trigger heap corruption by tricking the browse...

This is a use-after-free vulnerability in Google Chrome's Guest View component that allows heap corruption. Attackers can exploit it by convincing use...

CVE-2023-36664 is a security bypass vulnerability in Artifex Ghostscript that allows arbitrary command execution through improper permission validatio...

This CVE describes a use-after-free vulnerability in the Linux kernel's saa7134 media device driver. Attackers with local access can potentially explo...

This vulnerability allows attackers to perform out-of-bounds writes in the Linux kernel's flower classifier code via specially crafted GENEVE packets....

Apache Traffic Server versions 8.0.0 through 9.2.0 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive...

This critical vulnerability in Google Chrome's Autofill payments feature allows remote attackers to execute arbitrary code via heap corruption. Attack...

This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that could allow a remote attacker to trigger heap corruption by tricking...

A use-after-free vulnerability in the Linux kernel's r592 memory stick host driver allows local attackers to crash the system during device disconnect...

An integer overflow vulnerability in libcap's _libcap_strdup() function allows memory corruption when processing extremely large strings (close to 4GB...

This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that allows a remote attacker to trigger heap corruption by tricking the ...

A use-after-free vulnerability in the Linux kernel's Btrfs filesystem allows local attackers to potentially crash the system or execute arbitrary code...

CVE-2023-32067 is a denial-of-service vulnerability in the c-ares asynchronous DNS resolver library where an attacker can send a forged UDP packet wit...

This vulnerability allows attackers to bypass request size limits in Apache Tomcat by submitting exactly maxParameterCount query parameters, potential...

CVE-2023-33204 is an integer overflow vulnerability in sysstat's check_overflow function that could allow attackers to cause denial of service or pote...

CVE-2023-24805 is a command injection vulnerability in cups-filters' Backend Error Handler (beh) that allows remote code execution. Attackers with net...

This is a critical use-after-free vulnerability in Google Chrome's navigation component that allows remote attackers to potentially exploit heap corru...

This is a use-after-free vulnerability in Chrome DevTools that allows a remote attacker who has already compromised the renderer process to potentiall...

This is a use-after-free vulnerability in Chrome's Guest View component that allows heap corruption. Attackers can exploit it by convincing users to i...

A local privilege escalation vulnerability exists in the Linux kernel's XFS filesystem when restoring from a dirty log journal after failure. This all...

This vulnerability in the Linux kernel's RPL protocol handling allows unauthenticated remote attackers to trigger an assertion failure by sending spec...

A vulnerability in FRRouting's BGP daemon (bgpd) allows remote attackers to cause denial of service by sending specially crafted BGP packets that trig...

A remotely exploitable integer underflow vulnerability in MaraDNS allows attackers to cause Denial of Service by sending specially crafted DNS packets...

This vulnerability allows a malicious Chrome extension to bypass file access checks when a user visits a crafted HTML page. Attackers could potentiall...

This vulnerability allows remote attackers to exploit heap corruption in Google Chrome via a crafted HTML page. It affects Chrome users on any operati...

This is a use-after-free vulnerability in Chrome's DevTools that could allow heap corruption. Attackers could potentially execute arbitrary code or cr...

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition's JSSE component allows attackers to compromise confidentiality and integrity of d...

This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that could allow a remote attacker to execute arbitrary code or cause hea...

A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem allows local attackers to potentially execute arbitrary code or cause denial ...

This vulnerability is a heap buffer overflow in Google Chrome's Visuals component that allows a remote attacker who has already compromised the render...

This vulnerability allows a remote attacker to perform out-of-bounds memory access in Chrome's DOM Bindings by tricking a user into visiting a malicio...

This is a use-after-free vulnerability in Google Chrome's Networking APIs that allows heap corruption. Attackers can exploit it by tricking users into...

This vulnerability is a use-after-free memory corruption flaw in Chrome's Vulkan graphics implementation. It allows remote attackers to potentially ex...

A heap buffer overflow vulnerability in Google Chrome's browser history feature allows remote attackers to potentially exploit heap corruption. Attack...

This vulnerability allows attackers to cause a denial-of-service (DoS) in FRRouting's BGP daemon by sending specially crafted BGP open packets. The re...

CVE-2023-1077 is a type confusion vulnerability in the Linux kernel's real-time scheduler that can lead to memory corruption. This allows local attack...

This CVE describes an out-of-bounds read vulnerability in the Broadcom brcmfmac WiFi driver in the Linux kernel. When processing association request d...