Debian Linux vulnerabilities

CVE-2023-4194 [MEDIUM] CVE-2023-4194: A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket u

CVE-2023-36054 [MEDIUM] CWE-824 CVE-2023-36054: lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees a lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

CVE-2023-4073 [HIGH] CWE-119 CVE-2023-4073: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remot Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4132 [MEDIUM] CWE-416 CVE-2023-4132: A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occ A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.

CVE-2023-3180 [MEDIUM] CWE-122 CVE-2023-3180: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption request A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

CVE-2023-4056 [CRITICAL] CWE-787 CVE-2023-4056: Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and

CVE-2023-4047 [HIGH] CWE-352 CVE-2023-4047: A bug in popup notifications delay calculation could have made it possible for an attacker to trick A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVE-2023-4055 [HIGH] CWE-120 CVE-2023-4055: When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVE-2023-4050 [HIGH] CWE-787 CVE-2023-4050: In some cases, an untrusted input stream was copied to a stack buffer without checking its size. Thi In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVE-2023-4048 [HIGH] CWE-125 CVE-2023-4048: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVE-2023-4049 [MEDIUM] CWE-362 CVE-2023-4049: Race conditions in reference counting code were found through code inspection. These could have resu Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVE-2023-38559 [MEDIUM] CWE-125 CVE-2023-38559: A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. Thi A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

CVE-2023-4046 [MEDIUM] CWE-770 CVE-2023-4046: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVE-2023-4045 [MEDIUM] CWE-346 CVE-2023-4045: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVE-2023-4004 [HIGH] CWE-416 CVE-2023-4004: A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_p A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.

CVE-2022-4907 [HIGH] CVE-2022-4907: Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to exe Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-3773 [MEDIUM] CWE-125 CVE-2023-3773: A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

CVE-2023-38745 [MEDIUM] CVE-2023-38745: Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass

CVE-2023-3772 [MEDIUM] CWE-476 CVE-2023-3772: A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.

CVE-2023-3417 [HIGH] CVE-2023-3417: Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.