10.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-11	CVE-2023-44981	Authorization Bypass Through User-Controlled Key vulnerability in multiple products Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. network low complexity apache debian CWE-639 critical	9.1
2023-10-10	CVE-2023-45648	Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. network low complexity apache debian CWE-20	5.3
2023-10-10	CVE-2023-42795	Incomplete Cleanup vulnerability in multiple products Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. network low complexity apache debian CWE-459	5.3
2023-10-10	CVE-2023-36478	Resource Exhaustion vulnerability in multiple products Eclipse Jetty provides a web server and servlet container. network low complexity eclipse jenkins debian CWE-400	7.5
2023-10-10	CVE-2023-44487	Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco CWE-400	7.5
2023-10-09	CVE-2023-43641	Out-of-bounds Write vulnerability in multiple products libcue provides an API for parsing and extracting data from CUE sheets. network low complexity lipnitsk fedoraproject debian CWE-787	8.8
2023-10-05	CVE-2023-42755	Out-of-bounds Read vulnerability in multiple products A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. local low complexity linux redhat debian CWE-125	5.5
2023-10-04	CVE-2023-43804	Information Exposure vulnerability in multiple products urllib3 is a user-friendly HTTP client library for Python. network low complexity python debian fedoraproject CWE-200	8.1
2023-09-30	CVE-2023-44488	Improper Handling of Exceptional Conditions vulnerability in multiple products VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. network low complexity webmproject redhat debian fedoraproject CWE-755	7.5
2023-09-28	CVE-2023-5217	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity webmproject microsoft mozilla fedoraproject debian apple CWE-787	8.8