Filtered by vendor Debian
Total: 10205 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51781 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-06-17 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition. | |||||
| CVE-2023-51780 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-06-17 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. | |||||
| CVE-2023-51766 | 3 Debian, Exim, Fedoraproject | 4 Debian Linux, Exim, Extra Packages For Enterprise Linux and 1 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports `<LF>.<CR><LF>` but some other popular e-mail servers do not. | |||||
| CVE-2023-51714 | 2 Debian, Qt | 2 Debian Linux, Qt | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. | |||||
| CVE-2023-51385 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2026-06-17 | N/A | 6.5 MEDIUM |
| In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. | |||||
| CVE-2023-51384 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2026-06-17 | N/A | 5.5 MEDIUM |
| In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. | |||||
| CVE-2023-50868 | 6 Debian, Fedoraproject, Isc and 3 more | 14 Debian Linux, Fedora, Bind and 11 more | 2026-06-17 | N/A | 7.5 HIGH |
| The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. | |||||
| CVE-2023-50762 | 2 Debian, Mozilla | 2 Debian Linux, Thunderbird | 2026-06-17 | N/A | 4.3 MEDIUM |
| When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6. | |||||
| CVE-2023-50761 | 2 Debian, Mozilla | 2 Debian Linux, Thunderbird | 2026-06-17 | N/A | 4.3 MEDIUM |
| The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6. | |||||
| CVE-2023-50447 | 2 Debian, Python | 2 Debian Linux, Pillow | 2026-06-17 | N/A | 8.1 HIGH |
| Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | |||||
| CVE-2023-4921 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-06-17 | N/A | 7.8 HIGH |
| A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. | |||||
| CVE-2023-4911 | 7 Canonical, Debian, Fedoraproject and 4 more | 49 Ubuntu Linux, Debian Linux, Fedora and 46 more | 2026-06-17 | N/A | 7.8 HIGH |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | |||||
| CVE-2023-4909 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-4908 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-4907 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-4906 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-4905 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4904 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) | |||||
| CVE-2023-4903 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4902 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
