| 91 | 8.8 - | HIGH Network | A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | CWE-416 Use After Free | CVE-2023-6859 | cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:* | 2024-11-21 17:44 2023-12-19 |
| 92 | 8.8 - | HIGH Network | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | CWE-787 Out-of-bounds Write | CVE-2023-6858 | cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:* | 2024-11-21 17:44 2023-12-19 |
| 93 | 5.3 - | MEDIUM Network | When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linu… | CWE-362 Race Condition | CVE-2023-6857 | cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:* | 2024-11-21 17:44 2023-12-19 |
| 94 | 8.8 - | HIGH Network | The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution a… | CWE-787 Out-of-bounds Write | CVE-2023-6856 | cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:* | 2024-11-21 17:44 2023-12-19 |
| 95 | 4.3 - | MEDIUM Network | When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the… | NVD-CWE-noinfo | CVE-2023-50762 | cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* | 2024-11-21 17:37 2023-12-19 |
| 96 | 4.3 - | MEDIUM Network | The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the mess… | NVD-CWE-noinfo | CVE-2023-50761 | cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* | 2024-11-21 17:37 2023-12-19 |
| 97 | 6.5 - | MEDIUM Network | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For examp… | CWE-78 OS Command | CVE-2023-51385 | cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:* | 2024-11-21 17:37 2023-12-19 |
| 98 | 5.5 - | MEDIUM Local | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these const… | NVD-CWE-noinfo | CVE-2023-51384 | cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* | 2024-11-21 17:37 2023-12-19 |
| 99 | 5.9 - | MEDIUM Network | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from… | CWE-354 Improper Validation of Integrity Check Value | CVE-2023-48795 | cpe:2.3:o:debian:debian_linux:10.0:* | 2024-11-21 17:32 2023-12-19 |
| 100 | 6.3 - | MEDIUM Network | An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used… | CWE-22 Path Traversal | CVE-2023-5115 | cpe:2.3:o:debian:debian_linux:10.0:* | 2024-11-21 17:41 2023-12-18 |