Debian Linux vulnerabilities

CVE-2023-2461 [HIGH] CWE-416 CVE-2023-2461: Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote att Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

CVE-2023-2460 [HIGH] CVE-2023-2460: Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 all Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

CVE-2022-40302 [MEDIUM] CWE-125 CVE-2022-40302: An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 by

CVE-2023-2464 [MEDIUM] CVE-2023-2464: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-2463 [MEDIUM] CVE-2023-2463: Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-2467 [MEDIUM] CVE-2023-2467: Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-2462 [MEDIUM] CVE-2023-2462: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote att Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-2466 [MEDIUM] CVE-2023-2466: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote att Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

CVE-2022-40318 [MEDIUM] CVE-2022-40318: An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (ins

CVE-2022-43681 [MEDIUM] CWE-125 CVE-2022-43681: An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malforme An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon res

CVE-2023-2459 [MEDIUM] CVE-2023-2459: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote att Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-2465 [MEDIUM] CVE-2023-2465: Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attack Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-2468 [MEDIUM] CVE-2023-2468: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a r Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-0458 [MEDIUM] CWE-476 CVE-2023-0458: A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. T A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11

CVE-2023-0045 [HIGH] CWE-610 CVE-2023-0045: The current implementation of the prctl syscall does not issue an IBPB immediately during the syscal The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the

CVE-2023-2269 [MEDIUM] CWE-413 CVE-2023-2269: A denial of service problem was found, due to a possible recursive locking scenario, resulting in a A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.

CVE-2023-2007 [HIGH] CWE-367 CVE-2023-2007: The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of pr The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.

CVE-2023-29469 [MEDIUM] CWE-415 CVE-2023-29469: An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML d An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value

CVE-2023-28484 [MEDIUM] CWE-476 CVE-2023-28484: In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer derefere In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

CVE-2023-31084 [MEDIUM] CWE-833 CVE-2023-31084: An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_