Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs

9,911

CISA KEV

119

actively exploited

Public exploits

429

Exploited in wild

132

Severity breakdown

CRITICAL1128HIGH4110MEDIUM4311LOW362

Vulnerabilities

Page 79 of 496

CVE-2023-1998MEDIUMCVSS 5.6PoCv10.02023-04-21

CVE-2023-1998 [MEDIUM] CWE-1303 CVE-2023-1998: The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECU The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-B

nvd

CVE-2023-2136CRITICALCVSS 9.6KEVv11.02023-04-19

CVE-2023-2136 [CRITICAL] CWE-190 CVE-2023-2136: Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-2134HIGHCVSS 8.8v11.02023-04-19

CVE-2023-2134 [HIGH] CWE-787 CVE-2023-2134: Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-2137HIGHCVSS 8.8v11.02023-04-19

CVE-2023-2137 [HIGH] CWE-787 CVE-2023-2137: Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2023-2135HIGHCVSS 7.5v11.02023-04-19

CVE-2023-2135 [HIGH] CWE-416 CVE-2023-2135: Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who co Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-2133HIGHCVSS 8.8v11.02023-04-19

CVE-2023-2133 [HIGH] CWE-787 CVE-2023-2133: Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-30608HIGHCVSS 7.5v10.02023-04-18

CVE-2023-30608 [HIGH] CWE-1333 CVE-2023-30608: sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser conta sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c

nvd

CVE-2023-21930HIGHCVSS 7.4v10.0v11.0+1 more2023-04-18

CVE-2023-21930 [HIGH] CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access

nvd

CVE-2023-21954MEDIUMCVSS 5.9v10.0v11.0+1 more2023-04-18

CVE-2023-21954 [MEDIUM] CVE-2023-21954: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network acces

nvd

CVE-2023-21939MEDIUMCVSS 5.3v10.0v11.0+1 more2023-04-18

CVE-2023-21939 [MEDIUM] CVE-2023-21939: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network acces

nvd

CVE-2023-28856MEDIUMCVSS 6.5v10.02023-04-18

CVE-2023-28856 [MEDIUM] CWE-20 CVE-2023-28856: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the ` Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this i

nvd

CVE-2023-26049MEDIUMCVSS 5.3v10.0v11.0+1 more2023-04-18

CVE-2023-26049 [MEDIUM] CWE-200 CVE-2023-26049: Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow a Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string u

nvd

CVE-2023-21967MEDIUMCVSS 5.9v10.0v11.0+1 more2023-04-18

CVE-2023-21967 [MEDIUM] CVE-2023-21967: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network acce

nvd

CVE-2023-21938LOWCVSS 3.7v10.0v11.0+1 more2023-04-18

CVE-2023-21938 [LOW] CVE-2023-21938: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network ac

nvd

CVE-2023-21937LOWCVSS 3.7v10.0v11.0+1 more2023-04-18

CVE-2023-21937 [LOW] CVE-2023-21937: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network a

nvd

CVE-2023-21968LOWCVSS 3.7v10.0v11.0+1 more2023-04-18

CVE-2023-21968 [LOW] CVE-2023-21968: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network ac

nvd

CVE-2023-2033HIGHCVSS 8.8KEVv11.02023-04-14

CVE-2023-2033 [HIGH] CWE-843 CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potential Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-1992HIGHCVSS 7.5v10.0v12.02023-04-12

CVE-2023-1992 [HIGH] CWE-400 CVE-2023-1992: RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service vi RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

nvd

CVE-2023-1872HIGHCVSS 7.0v10.02023-04-12

CVE-2023-1872 [HIGH] CWE-416 CVE-2023-1872: A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d3

nvd

CVE-2023-1994MEDIUMCVSS 6.5v10.0v12.02023-04-12

CVE-2023-1994 [MEDIUM] CWE-400 CVE-2023-1994: GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via p GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

nvd

← Previous79 / 496Next →