Debian Linux vulnerabilities

CVE-2023-1993 [MEDIUM] CWE-834 CVE-2023-1993: LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service v LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVE-2023-1989 [HIGH] CWE-416 CVE-2023-1989: A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

CVE-2023-1668 [HIGH] CWE-670 CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will instal A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possi

CVE-2020-11935 [MEDIUM] CWE-911 CVE-2020-11935: It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() met It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.

CVE-2023-29415 [MEDIUM] CVE-2023-29415: An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

CVE-2023-1855 [MEDIUM] CWE-416 CVE-2023-1855: A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.

CVE-2023-1820 [HIGH] CWE-787 CVE-2023-1820: Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote att Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1812 [HIGH] CWE-787 CVE-2023-1812: Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1810 [HIGH] CWE-787 CVE-2023-1810: Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker wh Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1811 [HIGH] CWE-416 CVE-2023-1811: Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convi Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1815 [HIGH] CWE-416 CVE-2023-1815: Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1818 [HIGH] CWE-416 CVE-2023-1818: Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potent Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1814 [MEDIUM] CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1813 [MEDIUM] CVE-2023-1813: Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attack Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1816 [MEDIUM] CVE-2023-1816: Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1822 [MEDIUM] CVE-2023-1822: Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacke Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1819 [MEDIUM] CWE-125 CVE-2023-1819: Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacke Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1823 [MEDIUM] CVE-2023-1823: Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attac Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1821 [MEDIUM] CVE-2023-1821: Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote at Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1817 [MEDIUM] CVE-2023-1817: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowe Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)