Vulnerabilities > Debian > High

| DATE | CVE | VULNERABILITY TITLE | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2023-02-09 | CVE-2023-0770 | Out-of-bounds Write vulnerability in multiple products: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. | local | low complexity | gpac, debian | CWE-787 | 7.8 |
| 2023-02-09 | CVE-2023-22795 | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. | network | low complexity | rubyonrails, debian | | 7.5 |
| 2023-02-01 | CVE-2023-23969 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. | network | low complexity | djangoproject, debian | CWE-770 | 7.5 |
| 2023-01-27 | CVE-2020-36658 | Improper Certificate Validation vulnerability in multiple products: In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | network | high complexity | lemonldap-ng, debian | CWE-295 | 8.1 |
| 2023-01-27 | CVE-2020-36659 | Improper Certificate Validation vulnerability in multiple products: In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | network | high complexity | lemonldap-ng, debian | CWE-295 | 8.1 |
| 2023-01-26 | CVE-2023-0412 | Improper Resource Shutdown or Release vulnerability in multiple products: TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file | network | low complexity | wireshark, debian | CWE-404 | 7.1 |
| 2023-01-21 | CVE-2023-24038 | The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | network | low complexity | html-stripscripts-project, debian | | 7.5 |
| 2023-01-20 | CVE-2022-48279 | Interpretation Conflict vulnerability in multiple products: In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. | network | low complexity | trustwave, debian | CWE-436 | 7.5 |
| 2023-01-20 | CVE-2023-24021 | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | network | low complexity | trustwave, debian | | 7.5 |
| 2023-01-18 | CVE-2023-22809 | Improper Privilege Management vulnerability in multiple products: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. | | | | | 7.8 |