Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-04	CVE-2023-1822	Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google fedoraproject debian	6.5
2023-04-04	CVE-2023-1823	Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. network low complexity google fedoraproject debian	6.5
2023-03-31	CVE-2023-28755	A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. network low complexity ruby-lang debian fedoraproject	5.3
2023-03-31	CVE-2023-28756	A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. network low complexity ruby-lang debian fedoraproject	5.3
2023-03-30	CVE-2023-27535	Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. network high complexity haxx fedoraproject debian netapp splunk CWE-287	5.9
2023-03-30	CVE-2023-27536	Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. network high complexity haxx fedoraproject debian netapp splunk CWE-287	5.9
2023-03-30	CVE-2023-27538	Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. local low complexity haxx fedoraproject debian netapp broadcom splunk CWE-287	5.5
2023-03-21	CVE-2022-42334	Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. local low complexity xen debian fedoraproject CWE-770	6.5
2023-03-06	CVE-2023-0330	Out-of-bounds Write vulnerability in multiple products A vulnerability in the lsi53c895a device affects the latest version of qemu. local low complexity qemu debian CWE-787	6.0
2023-03-01	CVE-2023-24751	NULL Pointer Dereference vulnerability in multiple products libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. network low complexity struktur debian CWE-476	6.5