High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-28	CVE-2023-5217	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity webmproject microsoft mozilla fedoraproject debian apple CWE-787	8.8
2023-09-27	CVE-2023-41074	The issue was addressed with improved checks. network low complexity apple debian fedoraproject	8.8
2023-09-25	CVE-2023-42753	Out-of-bounds Write vulnerability in multiple products An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. local low complexity linux redhat debian CWE-787	7.8
2023-09-25	CVE-2023-3550	Cross-site Scripting vulnerability in multiple products Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. network low complexity mediawiki debian CWE-79	7.3
2023-09-22	CVE-2023-34319	Out-of-bounds Write vulnerability in multiple products The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. local low complexity xen debian CWE-787	7.8
2023-09-21	CVE-2023-4504	Out-of-bounds Write vulnerability in multiple products Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. local high complexity openprinting fedoraproject debian CWE-787	7.0
2023-09-20	CVE-2023-3341	Out-of-bounds Write vulnerability in multiple products The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. network low complexity isc fedoraproject debian CWE-787	7.5
2023-09-20	CVE-2023-4236	Reachable Assertion vulnerability in multiple products A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. network low complexity isc fedoraproject debian netapp CWE-617	7.5
2023-09-12	CVE-2023-4921	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. local low complexity linux debian CWE-416	7.8
2023-09-12	CVE-2023-4863	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. network low complexity google fedoraproject debian mozilla microsoft webmproject CWE-787	8.8