High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-31	CVE-2024-1086	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. local low complexity linux fedoraproject redhat debian netapp CWE-416	7.8
2024-01-29	CVE-2023-46838	NULL Pointer Dereference vulnerability in multiple products Transmit requests in Xen's virtual network protocol can consist of multiple parts. network low complexity linux fedoraproject debian CWE-476	7.5
2024-01-23	CVE-2024-0750	A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. network low complexity mozilla debian	8.8
2024-01-23	CVE-2024-0751	Improper Privilege Management vulnerability in multiple products A malicious devtools extension could have been used to escalate privileges. network low complexity mozilla debian CWE-269	8.8
2024-01-23	CVE-2024-0755	Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. network low complexity mozilla debian	8.8
2024-01-19	CVE-2023-50447	Code Injection vulnerability in multiple products Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). network high complexity python debian CWE-94	8.1
2024-01-16	CVE-2024-20918	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). network high complexity oracle debian netapp	7.4
2024-01-16	CVE-2024-20952	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). network high complexity oracle netapp debian	7.4
2024-01-16	CVE-2024-0567	Improper Verification of Cryptographic Signature vulnerability in multiple products A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. network low complexity gnu fedoraproject netapp debian CWE-347	7.5
2024-01-12	CVE-2023-6040	Out-of-bounds Read vulnerability in multiple products An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. local low complexity linux debian CWE-125	7.8