Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-10 CVE-2023-34318 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41.
local
low complexity
sox-project redhat fedoraproject CWE-787
7.8
2023-07-06 CVE-2023-35934 yt-dlp is a command-line program to download videos from video sites.
8.2
2023-07-05 CVE-2023-31248 Use After Free vulnerability in multiple products
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
local
low complexity
linux fedoraproject debian canonical CWE-416
7.8
2023-07-05 CVE-2023-35001 Out-of-bounds Write vulnerability in multiple products
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
local
low complexity
linux debian fedoraproject netapp CWE-787
7.8
2023-07-03 CVE-2023-36053 In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
network
low complexity
djangoproject debian fedoraproject
7.5
2023-07-01 CVE-2023-30589 The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests.
network
low complexity
nodejs fedoraproject
7.5
2023-06-25 CVE-2023-36664 Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
local
low complexity
artifex debian fedoraproject
7.8
2023-06-22 CVE-2023-34241 OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems.
local
low complexity
openprinting fedoraproject debian apple
7.1
2023-06-14 CVE-2023-30631 Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions. 9.x users should upgrade to 9.2.1 or later versions.
network
low complexity
apache debian fedoraproject
7.5
2023-06-13 CVE-2023-3214 Use After Free vulnerability in multiple products
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8