High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-03	CVE-2023-43665	Improper Validation of Specified Quantity in Input vulnerability in multiple products In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. network low complexity djangoproject fedoraproject CWE-1284	7.5
2023-11-03	CVE-2023-44271	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Pillow before 10.0.0. network low complexity python fedoraproject CWE-770	7.5
2023-11-01	CVE-2023-5482	Insufficient Verification of Data Authenticity vulnerability in multiple products Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. network low complexity google debian fedoraproject CWE-345	8.8
2023-11-01	CVE-2023-5849	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-190	8.8
2023-11-01	CVE-2023-5852	Use After Free vulnerability in multiple products Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. network low complexity google debian fedoraproject CWE-416	8.8
2023-11-01	CVE-2023-5854	Use After Free vulnerability in multiple products Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. network low complexity google debian fedoraproject CWE-416	8.8
2023-11-01	CVE-2023-5855	Use After Free vulnerability in multiple products Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. network low complexity google debian fedoraproject CWE-416	8.8
2023-11-01	CVE-2023-5856	Use After Free vulnerability in multiple products Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-416	8.8
2023-11-01	CVE-2023-5857	Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. network low complexity google debian fedoraproject	8.8
2023-10-27	CVE-2023-34058	Improper Verification of Cryptographic Signature vulnerability in multiple products VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . high complexity vmware debian fedoraproject CWE-347	7.5