Note: This project will be discontinued after December 13, 2021.
Product: Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-08-11 | CVE-2023-23908 | Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. | Debian_linux, Fedora, Microcode, Xeon_d-1513n_firmware, Xeon_d-1518_firmware, Xeon_d-1520_firmware, Xeon_d-1521_firmware, Xeon_d-1523n_firmware, Xeon_d-1527_firmware, Xeon_d-1528_firmware, Xeon_d-1529_firmware, Xeon_d-1531_firmware, Xeon_d-1533n_firmware, Xeon_d-1537_firmware, Xeon_d-1539_firmware, Xeon_d-1540_firmware, Xeon_d-1541_firmware, Xeon_d-1543n_firmware, Xeon_d-1548_firmware, Xeon_d-1553n_firmware, Xeon_d-1557_firmware, Xeon_d-1559_firmware, Xeon_d-1567_firmware, Xeon_d-1571_firmware, Xeon_d-1577_firmware, Xeon_d-1602_firmware, Xeon_d-1622_firmware, Xeon_d-1623n_firmware, Xeon_d-1627_firmware, Xeon_d-1633n_firmware, Xeon_d-1637_firmware, Xeon_d-1649n_firmware, Xeon_d-1653n_firmware, Xeon_d-1702_firmware, Xeon_d-1712tr_firmware, Xeon_d-1713nt_firmware, Xeon_d-1713nte_firmware, Xeon_d-1714_firmware, Xeon_d-1715ter_firmware, Xeon_d-1718t_firmware, Xeon_d-1722ne_firmware, Xeon_d-1726_firmware, Xeon_d-1732te_firmware, Xeon_d-1733nt_firmware, Xeon_d-1734nt_firmware, Xeon_d-1735tr_firmware, Xeon_d-1736_firmware, Xeon_d-1736nt_firmware, Xeon_d-1739_firmware, Xeon_d-1746ter_firmware, Xeon_d-1747nte_firmware, Xeon_d-1748te_firmware, Xeon_d-1749nt_firmware, Xeon_d-2123it_firmware, Xeon_d-2141i_firmware, Xeon_d-2142it_firmware, Xeon_d-2143it_firmware, Xeon_d-2145nt_firmware, Xeon_d-2146nt_firmware, Xeon_d-2161i_firmware, Xeon_d-2163it_firmware, Xeon_d-2166nt_firmware, Xeon_d-2173it_firmware, Xeon_d-2177nt_firmware, Xeon_d-2183it_firmware, Xeon_d-2187nt_firmware, Xeon_d-2712t_firmware, Xeon_d-2733nt_firmware, Xeon_d-2738_firmware, Xeon_d-2745nx_firmware, Xeon_d-2752nte_firmware, Xeon_d-2752ter_firmware, Xeon_d-2753nt_firmware, Xeon_d-2757nx_firmware, Xeon_d-2766nt_firmware, Xeon_d-2775te_firmware, Xeon_d-2776nt_firmware, Xeon_d-2777nx_firmware, Xeon_d-2779_firmware, Xeon_d-2786nte_firmware, Xeon_d-2795nt_firmware, Xeon_d-2796nt_firmware, Xeon_d-2796te_firmware, Xeon_d-2798nt_firmware, Xeon_d-2798nx_firmware, Xeon_d-2799_firmware, Xeon_gold_5315y_firmware, Xeon_gold_5317_firmware, Xeon_gold_5318h_firmware, Xeon_gold_5318n_firmware, Xeon_gold_5318s_firmware, Xeon_gold_5318y_firmware, Xeon_gold_5320_firmware, Xeon_gold_5320h_firmware, Xeon_gold_5320t_firmware, Xeon_gold_6312u_firmware, Xeon_gold_6314u_firmware, Xeon_gold_6326_firmware, Xeon_gold_6328h_firmware, Xeon_gold_6328hl_firmware, Xeon_gold_6330_firmware, Xeon_gold_6330h_firmware, Xeon_gold_6330n_firmware, Xeon_gold_6334_firmware, Xeon_gold_6336y_firmware, Xeon_gold_6338_firmware, Xeon_gold_6338n_firmware, Xeon_gold_6338t_firmware, Xeon_gold_6342_firmware, Xeon_gold_6346_firmware, Xeon_gold_6348_firmware, Xeon_gold_6348h_firmware, Xeon_gold_6354_firmware, Xeon_platinum_8351n_firmware, Xeon_platinum_8352m_firmware, Xeon_platinum_8352s_firmware, Xeon_platinum_8352v_firmware, Xeon_platinum_8352y_firmware, Xeon_platinum_8353h_firmware, Xeon_platinum_8354h_firmware, Xeon_platinum_8356h_firmware, Xeon_platinum_8358_firmware, Xeon_platinum_8358p_firmware, Xeon_platinum_8360h_firmware, Xeon_platinum_8360hl_firmware, Xeon_platinum_8360y_firmware, Xeon_platinum_8362_firmware, Xeon_platinum_8368_firmware, Xeon_platinum_8368q_firmware, Xeon_platinum_8376h_firmware, Xeon_platinum_8376hl_firmware, Xeon_platinum_8380_firmware, Xeon_platinum_8380h_firmware, Xeon_platinum_8380hl_firmware, Xeon_silver_4309y_firmware, Xeon_silver_4310_firmware, Xeon_silver_4310t_firmware, Xeon_silver_4314_firmware, Xeon_silver_4316_firmware | 4.4 | ||
2023-08-22 | CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | Debian_linux, Python | 9.8 | ||
2023-08-28 | CVE-2023-4569 | A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak. | Debian_linux, Linux_kernel, Enterprise_linux | 5.5 | ||
2023-10-10 | CVE-2023-42795 | Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94... | Tomcat, Debian_linux | 5.3 | ||
2023-10-10 | CVE-2023-45648 | Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards,... | Tomcat, Debian_linux | 5.3 | ||
2023-08-25 | CVE-2023-41080 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. | Tomcat, Debian_linux | 6.1 | ||
2023-10-25 | CVE-2023-5725 | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 4.3 | ||
2023-10-25 | CVE-2023-5721 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 4.3 | ||
2023-10-25 | CVE-2023-5730 | Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 9.8 | ||
2023-10-25 | CVE-2023-5732 | An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 6.5 | ||