| 2023-10-25 | CVE-2023-5380 | Use After Free vulnerability in multiple products
A use-after-free flaw was found in the xorg-x11-server. | 4.7 |
| 2023-10-25 | CVE-2023-41983 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The issue was addressed with improved memory handling. | 6.5 |
| 2023-10-23 | CVE-2023-45802 | Improper Resource Shutdown or Release vulnerability in multiple products
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. | 5.9 |
| 2023-10-18 | CVE-2023-5631 | Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. | 5.4 |
| 2023-10-17 | CVE-2023-45803 | urllib3 is a user-friendly HTTP client library for Python. | 4.2 |
| 2023-10-13 | CVE-2023-39999 | Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | 4.3 |
| 2023-10-12 | CVE-2023-43789 | Out-of-bounds Read vulnerability in multiple products
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. | 5.5 |
| 2023-10-11 | CVE-2023-5475 | Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. | 6.5 |
| 2023-10-11 | CVE-2023-5484 | Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
| 2023-10-11 | CVE-2023-5487 | Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 6.5 |