Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-25	CVE-2023-41983	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The issue was addressed with improved memory handling. network low complexity apple fedoraproject debian CWE-119	6.5
2023-10-25	CVE-2023-46316	In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. local low complexity buc debian	5.5
2023-10-25	CVE-2023-5721	Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. network low complexity mozilla debian CWE-1021	4.3
2023-10-25	CVE-2023-5725	A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. network low complexity mozilla debian	4.3
2023-10-25	CVE-2023-5732	An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. network low complexity mozilla debian	6.5
2023-10-23	CVE-2023-45802	Improper Resource Shutdown or Release vulnerability in multiple products When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. network high complexity apache fedoraproject debian CWE-404	5.9
2023-10-18	CVE-2023-5631	Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. network low complexity roundcube debian fedoraproject CWE-79	5.4
2023-10-11	CVE-2023-5473	Use After Free vulnerability in multiple products Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian CWE-416	6.3
2023-10-11	CVE-2023-5475	Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. network low complexity google fedoraproject debian	6.5
2023-10-11	CVE-2023-5477	Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. network low complexity google debian	4.3