U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 294 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-7024

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: December 21, 2023; 6:15:11 PM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6873

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

Published: December 19, 2023; 9:15:08 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6867

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-6865

`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-6864

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6863

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6862

A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6861

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6860

The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-6859

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6858

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6857

When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-6856

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-50762

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-50761

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.

Published: December 19, 2023; 9:15:07 AM -0500
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-51385

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Published: December 18, 2023; 2:15:08 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

Published: December 18, 2023; 2:15:08 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-6478

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

Published: December 13, 2023; 2:15:31 AM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

Published: December 13, 2023; 2:15:30 AM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-42883

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

Published: December 11, 2023; 8:15:11 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)