Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-16	CVE-2023-6121	Out-of-bounds Read vulnerability in Redhat Enterprise Linux An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. network low complexity redhat CWE-125	4.3
2023-11-09	CVE-2023-39198	Use After Free vulnerability in multiple products A race condition was found in the QXL driver in the Linux kernel. local high complexity linux fedoraproject redhat CWE-416	6.4
2023-11-09	CVE-2023-5544	Authorization Bypass Through User-Controlled Key vulnerability in multiple products Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. network low complexity moodle redhat fedoraproject CWE-639	5.4
2023-11-09	CVE-2023-5546	Cross-site Scripting vulnerability in multiple products ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. network low complexity moodle redhat fedoraproject CWE-79	5.4
2023-11-09	CVE-2023-5547	Cross-site Scripting vulnerability in multiple products The course upload preview contained an XSS risk for users uploading unsafe data. network low complexity moodle redhat fedoraproject CWE-79	6.1
2023-11-06	CVE-2023-40660	Improper Authentication vulnerability in multiple products A flaw was found in OpenSC packages that allow a potential PIN bypass. low complexity opensc-project redhat CWE-287	6.6
2023-11-06	CVE-2023-40661	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. low complexity opensc-project redhat CWE-119	6.4
2023-11-06	CVE-2023-5090	Improper Handling of Exceptional Conditions vulnerability in multiple products A flaw was found in KVM. local low complexity linux redhat CWE-755	5.5
2023-11-06	CVE-2023-42669	A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. network low complexity samba redhat	6.5
2023-11-03	CVE-2023-46846	HTTP Request Smuggling vulnerability in multiple products SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. network low complexity squid-cache redhat CWE-444	5.3