Debian Linux vulnerabilities

CVE-2023-3618 [MEDIUM] CWE-120 CVE-2023-3618: A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

CVE-2023-36823 [MEDIUM] CWE-79 CVE-2023-36823: Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker ma Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or mor

CVE-2023-37208 [HIGH] CWE-434 CVE-2023-37208: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious cod When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

CVE-2023-31248 [HIGH] CWE-416 CVE-2023-31248: Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byi Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

CVE-2023-37202 [HIGH] CWE-416 CVE-2023-37202: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartmen Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

CVE-2023-37211 [HIGH] CWE-787 CVE-2023-37211: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

CVE-2023-37201 [HIGH] CWE-416 CVE-2023-37201: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over H An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

CVE-2023-35001 [HIGH] CWE-787 CVE-2023-35001: Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm regist Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

CVE-2023-37207 [MEDIUM] CWE-470 CVE-2023-37207: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

CVE-2023-35936 [MEDIUM] CWE-20 CVE-2023-35936: Pandoc is a Haskell library for converting from one markup format to another, and a command-line too Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files usin

CVE-2023-36053 [HIGH] CWE-1333 CVE-2023-36053: In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

CVE-2023-3338 [MEDIUM] CWE-476 CVE-2023-3338: A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This iss A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.

CVE-2023-3389 [HIGH] CWE-416 CVE-2023-3389: A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve lo A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and

CVE-2023-3090 [HIGH] CWE-787 CVE-2023-3090: A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645

CVE-2023-3421 [HIGH] CWE-416 CVE-2023-3421: Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potent Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-3420 [HIGH] CWE-843 CVE-2023-3420: Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potential Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-3422 [HIGH] CWE-416 CVE-2023-3422: Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convin Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-36661 [HIGH] CWE-918 CVE-2023-36661: Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)

CVE-2023-36664 [HIGH] CWE-552 CVE-2023-36664: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pip Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

CVE-2023-3212 [MEDIUM] CWE-476 CVE-2023-3212: A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.