Debian Linux vulnerabilities

CVE-2023-4874 [MEDIUM] CWE-475 CVE-2023-4874: Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12

CVE-2023-3777 [HIGH] CWE-416 CVE-2023-3777: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6

CVE-2023-4622 [HIGH] CWE-416 CVE-2023-4622: A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve l A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released b

CVE-2023-4207 [HIGH] CWE-416 CVE-2023-4207: A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter()

CVE-2023-4623 [HIGH] CWE-416 CVE-2023-4623: A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remov

CVE-2023-4015 [HIGH] CWE-416 CVE-2023-4015: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used. We recommend upgrading past commi

CVE-2023-4244 [HIGH] CWE-416 CVE-2023-4244: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We reco

CVE-2023-4206 [HIGH] CWE-416 CVE-2023-4206: A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_f

CVE-2023-4208 [HIGH] CWE-416 CVE-2023-4208: A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited t A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter

CVE-2023-4781 [HIGH] CWE-122 CVE-2023-4781: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

CVE-2023-4762 [HIGH] CWE-843 CVE-2023-4762: Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute a Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVE-2023-41909 [HIGH] CWE-476 CVE-2023-41909: An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

CVE-2023-4761 [HIGH] CWE-125 CVE-2023-4761: Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attac Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4763 [HIGH] CWE-416 CVE-2023-4763: Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to pot Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4764 [MEDIUM] CVE-2023-4764: Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4752 [HIGH] CWE-416 CVE-2023-4752: Use After Free in GitHub repository vim/vim prior to 9.0.1858. Use After Free in GitHub repository vim/vim prior to 9.0.1858.

CVE-2023-40569 [CRITICAL] CWE-787 CVE-2023-40569: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.

CVE-2023-40186 [CRITICAL] CWE-190 CVE-2023-40186: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done

CVE-2023-40188 [CRITICAL] CWE-125 CVE-2023-40188: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficie

CVE-2023-39353 [CRITICAL] CWE-125 CVE-2023-39353: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted