High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-04	CVE-2023-1815	Use After Free vulnerability in multiple products Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2023-04-04	CVE-2023-1818	Use After Free vulnerability in multiple products Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2023-04-04	CVE-2023-1820	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-787	8.8
2023-04-03	CVE-2022-36440	Reachable Assertion vulnerability in multiple products A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. network low complexity frrouting fedoraproject debian CWE-617	7.5
2023-03-27	CVE-2023-1077	Type Confusion vulnerability in multiple products In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. local high complexity linux debian netapp CWE-843	7.0
2023-03-27	CVE-2023-1380	Out-of-bounds Read vulnerability in multiple products A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. local low complexity redhat linux netapp debian canonical CWE-125	7.1
2023-03-24	CVE-2023-28686	Authorization Bypass Through User-Controlled Key vulnerability in multiple products Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. network low complexity dino fedoraproject debian CWE-639	7.1
2023-03-21	CVE-2022-42332	Use After Free vulnerability in multiple products x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. local low complexity xen debian fedoraproject CWE-416	7.8
2023-03-21	CVE-2022-42333	Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. network low complexity xen debian fedoraproject CWE-770	8.6
2023-03-16	CVE-2023-28466	NULL Pointer Dereference vulnerability in multiple products do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). local high complexity linux netapp debian CWE-476	7.0