Debian Linux vulnerabilities

CVE-2023-43804 [HIGH] CWE-200 CVE-2023-43804: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP h urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if tha

CVE-2023-4911 [HIGH] CWE-122 CVE-2023-4911: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GL A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVE-2023-44488 [HIGH] CWE-755 CVE-2023-44488: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

CVE-2023-43655 [HIGH] CWE-74 CVE-2023-43655: Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessibl Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised

CVE-2023-5186 [HIGH] CWE-416 CVE-2023-5186: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who c Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)

CVE-2023-5187 [HIGH] CWE-416 CVE-2023-5187: Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convin Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-5217 [HIGH] CWE-787 CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1 Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-42756 [MEDIUM] CWE-362 CVE-2023-42756: A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.

CVE-2023-5176 [CRITICAL] CWE-787 CVE-2023-5176: Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these b Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-41074 [HIGH] CVE-2023-41074: The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

CVE-2023-5169 [MEDIUM] CWE-787 CVE-2023-5169: A compromised content process could have provided malicious data in a `PathRecording` resulting in a A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-5171 [MEDIUM] CWE-416 CVE-2023-5171: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allo During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-5197 [MEDIUM] CWE-416 CVE-2023-5197: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.

CVE-2023-3550 [CRITICAL] CWE-79 CVE-2023-3550: Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance admini Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

CVE-2023-42753 [HIGH] CWE-787 CVE-2023-42753: An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate thei

CVE-2023-34319 [HIGH] CWE-787 CVE-2023-34319: The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packe The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller

CVE-2023-43770 [MEDIUM] CWE-79 CVE-2023-43770: Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

CVE-2023-4504 [HIGH] CWE-122 CVE-2023-4504: Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUP Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

CVE-2023-41993 [HIGH] CWE-754 CVE-2023-41993: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2019-19450 [CRITICAL] CVE-2019-19450: paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in parapars paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.