Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-15	CVE-2023-4001	Authentication Bypass by Spoofing vulnerability in multiple products An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. low complexity gnu redhat fedoraproject CWE-290	6.8
2024-01-12	CVE-2024-23301	Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. local low complexity relax-and-recover suse redhat fedoraproject	5.5
2024-01-12	CVE-2024-0443	Exposure of Resource to Wrong Sphere vulnerability in multiple products A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. local low complexity linux redhat fedoraproject CWE-668	5.5
2024-01-10	CVE-2024-0333	Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. network high complexity google fedoraproject	5.3
2024-01-10	CVE-2023-5455	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. network low complexity freeipa fedoraproject redhat CWE-352	6.5
2024-01-03	CVE-2023-6004	Injection vulnerability in multiple products A flaw was found in libssh. local low complexity libssh redhat fedoraproject CWE-74	4.8
2024-01-02	CVE-2023-6693	Out-of-bounds Write vulnerability in multiple products A stack based buffer overflow was found in the virtio-net device of QEMU. local low complexity qemu redhat fedoraproject CWE-787	5.3
2023-12-24	CVE-2023-51766	Insufficient Verification of Data Authenticity vulnerability in multiple products Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. network low complexity exim fedoraproject debian CWE-345	5.3
2023-12-24	CVE-2023-51764	Insufficient Verification of Data Authenticity vulnerability in multiple products Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). network low complexity postfix fedoraproject redhat CWE-345	5.3
2023-12-21	CVE-2023-4255	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. local low complexity tats fedoraproject CWE-787	5.5