Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK

2023-12-18 CVE-2023-51385 OS Command Injection vulnerability in multiple products
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations.
network
low complexity
openbsd debian CWE-78
6.5

2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9

2023-12-18 CVE-2023-5115 Path Traversal vulnerability in multiple products
An absolute path traversal attack exists in the Ansible automation platform.
network
low complexity
redhat debian CWE-22
6.3

2023-12-12 CVE-2023-42883 The issue was addressed with improved memory handling.
local
low complexity
apple debian
5.5

2023-12-08 CVE-2023-45866 Improper Authentication vulnerability in multiple products
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access.
6.3

2023-12-06 CVE-2023-6511 Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page.
network
low complexity
debian fedoraproject google
4.3

2023-12-06 CVE-2023-6512 Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page.
network
low complexity
debian fedoraproject google
6.5

2023-11-30 CVE-2023-42916 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read was addressed with improved input validation.
network
low complexity
apple fedoraproject debian webkitgtk CWE-125
6.5

2023-11-21 CVE-2023-6204 Out-of-bounds Read vulnerability in multiple products
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element.
network
low complexity
mozilla debian CWE-125
6.5

2023-11-21 CVE-2023-6205 Use After Free vulnerability in multiple products
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash.
network
low complexity
mozilla debian CWE-416
6.5