Debian Linux vulnerabilities

CVE-2023-39356 [CRITICAL] CWE-125 CVE-2023-39356: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping thro

CVE-2023-40181 [CRITICAL] CWE-125 CVE-2023-40181: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a cra

CVE-2023-40567 [CRITICAL] CWE-787 CVE-2023-40567: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in vers

CVE-2023-39352 [CRITICAL] CWE-787 CVE-2023-39352: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `s

CVE-2023-39355 [CRITICAL] CWE-416 CVE-2023-39355: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `c

CVE-2023-39351 [HIGH] CWE-476 CVE-2023-39351: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numT

CVE-2023-40589 [HIGH] CWE-120 CVE-2023-40589: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.

CVE-2023-20900 [HIGH] CWE-294 CVE-2023-20900: A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMwar A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.c

CVE-2023-39354 [HIGH] CWE-125 CVE-2023-39354: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be

CVE-2023-39350 [HIGH] CWE-191 CVE-2023-39350: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache lic FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occ

CVE-2023-41361 [CRITICAL] CWE-120 CVE-2023-41361: An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large len An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

CVE-2023-41360 [CRITICAL] CWE-125 CVE-2023-41360: An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

CVE-2023-4572 [HIGH] CWE-416 CVE-2023-4572: Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-41358 [HIGH] CWE-476 CVE-2023-41358: An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attri An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

CVE-2023-38802 [HIGH] CWE-354 CVE-2023-38802: FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

CVE-2020-24165 [HIGH] CVE-2020-24165: An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrar An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.

CVE-2023-4569 [MEDIUM] CWE-402 CVE-2023-4569: A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.

CVE-2023-40577 [MEDIUM] CWE-79 CVE-2023-40577: Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker w Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.

CVE-2023-41080 [MEDIUM] CWE-601 CVE-2023-41080: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apa URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the

CVE-2023-4428 [HIGH] CWE-125 CVE-2023-4428: Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacke Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)