Debian Linux vulnerabilities

CVE-2024-26581 [HIGH] CVE-2024-26581: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active.

CVE-2024-1553 [HIGH] CWE-119 CVE-2024-1553: Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these b Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

CVE-2024-1550 [MEDIUM] CWE-1021 CVE-2024-1550: A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 1

CVE-2024-1548 [MEDIUM] CVE-2024-1548: A website could have obscured the fullscreen notification by using a dropdown select input element. A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

CVE-2024-1547 [MEDIUM] CWE-290 CVE-2024-1547: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been dis Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

CVE-2024-1549 [MEDIUM] CVE-2024-1549: If a website set a large custom cursor, portions of the cursor could have overlapped with the permis If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

CVE-2024-1551 [MEDIUM] CWE-565 CVE-2024-1551: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attack Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, an

CVE-2023-50868 [HIGH] CWE-400 CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iter

CVE-2023-48733 [MEDIUM] CWE-1188 CVE-2023-48733: An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

CVE-2024-24814 [HIGH] CWE-400 CVE-2024-24814: mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal securit

CVE-2024-25714 [CRITICAL] CWE-203 CVE-2024-25714: In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)

CVE-2024-1151 [MEDIUM] CWE-121 CVE-2024-1151: A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.

CVE-2024-25189 [CRITICAL] CWE-203 CVE-2024-25189: libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easi libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.

CVE-2023-6536 [HIGH] CWE-476 CVE-2023-6536: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated maliciou A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

CVE-2023-6356 [HIGH] CWE-476 CVE-2023-6356: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated maliciou A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

CVE-2024-24858 [MEDIUM] CWE-362 CVE-2024-24858: A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set( A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.

CVE-2024-24857 [MEDIUM] CWE-362 CVE-2024-24857: A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_ A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

CVE-2024-1086 [HIGH] CWE-416 CVE-2024-1086: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error whi

CVE-2023-46838 [HIGH] CWE-476 CVE-2023-46838: Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted re

CVE-2024-0808 [CRITICAL] CWE-191 CVE-2024-0808: Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to pote Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)