High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-06	CVE-2023-35934	Information Exposure vulnerability in multiple products yt-dlp is a command-line program to download videos from video sites. network low complexity yt-dlp-project youtube-dlc-project yt-dl fedoraproject CWE-200	8.2
2023-07-05	CVE-2023-31248	Use After Free vulnerability in multiple products Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace local low complexity linux fedoraproject debian canonical CWE-416	7.8
2023-07-05	CVE-2023-35001	Out-of-bounds Write vulnerability in multiple products Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace local low complexity linux debian fedoraproject netapp CWE-787	7.8
2023-07-03	CVE-2023-36053	In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. network low complexity djangoproject debian fedoraproject	7.5
2023-07-01	CVE-2023-30589	The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. network low complexity nodejs fedoraproject	7.5
2023-06-25	CVE-2023-36664	Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the \| pipe character prefix). local low complexity artifex debian fedoraproject	7.8
2023-06-22	CVE-2023-34241	Use After Free vulnerability in multiple products OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. local low complexity openprinting fedoraproject debian apple CWE-416	7.1
2023-06-21	CVE-2023-2828	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. network low complexity isc debian fedoraproject netapp CWE-770	7.5
2023-06-21	CVE-2023-2911	Out-of-bounds Write vulnerability in multiple products If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. network low complexity isc debian fedoraproject netapp CWE-787	7.5
2023-06-14	CVE-2023-30631	Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions network low complexity apache debian fedoraproject CWE-20	7.5