High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-31	CVE-2023-6246	Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. local low complexity gnu fedoraproject CWE-787	7.8
2024-01-31	CVE-2023-6779	Out-of-bounds Write vulnerability in multiple products An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. network low complexity gnu fedoraproject CWE-787	7.5
2024-01-31	CVE-2024-1086	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. local low complexity linux fedoraproject redhat debian netapp CWE-416	7.8
2024-01-30	CVE-2024-1059	Use After Free vulnerability in multiple products Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. network low complexity google fedoraproject CWE-416	8.8
2024-01-30	CVE-2024-1060	Use After Free vulnerability in multiple products Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject CWE-416	8.8
2024-01-30	CVE-2024-1077	Use After Free vulnerability in multiple products Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. network low complexity google fedoraproject CWE-416	8.8
2024-01-29	CVE-2024-23334	Path Traversal vulnerability in multiple products aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. network low complexity aiohttp fedoraproject CWE-22	7.5
2024-01-29	CVE-2023-40548	Integer Overflow or Wraparound vulnerability in multiple products A buffer overflow was found in Shim in the 32-bit system. local high complexity redhat fedoraproject CWE-190	7.4
2024-01-29	CVE-2023-46838	NULL Pointer Dereference vulnerability in multiple products Transmit requests in Xen's virtual network protocol can consist of multiple parts. network low complexity linux fedoraproject debian CWE-476	7.5
2024-01-24	CVE-2024-0804	Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject	7.5