High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-03	CVE-2023-36053	In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. network low complexity djangoproject debian fedoraproject	7.5
2023-06-28	CVE-2023-3090	Out-of-bounds Write vulnerability in multiple products A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. local low complexity linux debian CWE-787	7.8
2023-06-28	CVE-2023-3389	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). local low complexity linux canonical debian CWE-416	7.8
2023-06-26	CVE-2023-3420	Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian CWE-843	8.8
2023-06-26	CVE-2023-3421	Use After Free vulnerability in multiple products Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian CWE-416	8.8
2023-06-26	CVE-2023-3422	Use After Free vulnerability in multiple products Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian CWE-416	8.8
2023-06-25	CVE-2023-36661	Server-Side Request Forgery (SSRF) vulnerability in multiple products Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. network low complexity shibboleth debian CWE-918	7.5
2023-06-25	CVE-2023-36664	Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the \| pipe character prefix). local low complexity artifex debian fedoraproject	7.8
2023-06-22	CVE-2023-34241	Use After Free vulnerability in multiple products OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. local low complexity openprinting fedoraproject debian apple CWE-416	7.1
2023-06-21	CVE-2023-2828	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. network low complexity isc debian fedoraproject netapp CWE-770	7.5