Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-11 | CVE-2023-5483 | Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | Debian_linux, Chrome | 6.5 | ||
| 2023-10-11 | CVE-2023-5484 | Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | Debian_linux, Fedora, Chrome | 6.5 | ||
| 2023-10-11 | CVE-2023-5485 | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | Debian_linux, Chrome | 4.3 | ||
| 2023-10-11 | CVE-2023-5486 | Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | Debian_linux, Chrome | 4.3 | ||
| 2023-10-12 | CVE-2023-45133 | Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns`... | Babel, Babel\-Helper\-Define\-Polyfill\-Provider, Babel\-Plugin\-Polyfill\-Corejs2, Babel\-Plugin\-Polyfill\-Corejs3, Babel\-Plugin\-Polyfill\-Es\-Shims, Babel\-Plugin\-Polyfill\-Regenerator, Babel\-Plugin\-Transform\-Runtime, Babel\-Preset\-Env, Debian_linux | 8.8 | ||
| 2023-10-15 | CVE-2023-45871 | An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. | Debian_linux, Linux_kernel | 7.5 | ||
| 2023-10-18 | CVE-2023-5631 | Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. | Debian_linux, Fedora, Webmail | 5.4 | ||
| 2023-10-18 | CVE-2023-45145 | Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to... | Debian_linux, Fedora, Redis | 3.6 | ||
| 2023-10-23 | CVE-2023-45802 | When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing... | Http_server, Debian_linux, Fedora | 5.9 | ||
| 2023-10-25 | CVE-2023-46316 | In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. | Traceroute, Debian_linux | 5.5 |