Total: 1566 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28481 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-28480 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-28483 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 7.7 HIGH | 9.0 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-34458 | 1 Microsoft | 2 Windows Server 2016, Windows Server 2019 | 2023-12-28 | 9.0 HIGH | 9.9 CRITICAL |
| Windows Kernel Remote Code Execution Vulnerability | |||||
| CVE-2021-26432 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | |||||
| CVE-2021-26424 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 6.8 MEDIUM | 9.9 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2023-46266 | 1 Ivanti | 1 Avalanche | 2023-12-28 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | |||||
| CVE-2023-50272 | 1 Hpe | 4 Integrated Lights-out 5, Integrated Lights-out 5 Firmware, Integrated Lights-out 6 and 1 more | 2023-12-28 | N/A | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. | |||||
| CVE-2021-22962 | 1 Ivanti | 1 Avalanche | 2023-12-28 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | |||||
| CVE-2021-26443 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 7.7 HIGH | 9.0 CRITICAL |
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | |||||
| CVE-2021-42310 | 1 Microsoft | 1 Defender For Iot | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2023-51023 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of cstecgi.cgi. | |||||
| CVE-2023-51024 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of cstecgi.cgi. | |||||
| CVE-2023-51026 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of cstecgi.cgi. | |||||
| CVE-2023-51015 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable’ parameter of the setDmzCfg interface of cstecgi.cgi. | |||||
| CVE-2023-51012 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanGateway’ parameter of the setLanConfig interface of cstecgi.cgi. | |||||
| CVE-2023-51025 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of cstecgi.cgi. | |||||
| CVE-2023-51014 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of cstecgi.cgi. | |||||
| CVE-2023-51027 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. | |||||
| CVE-2023-51013 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanNetmask’ parameter of the setLanConfig interface of cstecgi.cgi. | |||||
| CVE-2023-51011 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanPriDns’ parameter of the setLanConfig interface of cstecgi.cgi. | |||||
| CVE-2023-51020 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of cstecgi.cgi. | |||||
| CVE-2023-51017 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of cstecgi.cgi. | |||||
| CVE-2023-51018 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of cstecgi.cgi. | |||||
| CVE-2023-51019 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. | |||||
| CVE-2023-51022 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of cstecgi.cgi. | |||||
| CVE-2023-51021 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of cstecgi.cgi. | |||||
| CVE-2018-8088 | 3 Oracle, Qos, Redhat | 14 Goldengate Application Adapters, Goldengate Stream Analytics, Utilities Framework and 11 more | 2023-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series. | |||||
| CVE-2023-34237 | 1 Sabnzbd | 1 Sabnzbd | 2023-12-23 | N/A | 9.8 CRITICAL |
| SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible. | |||||
| CVE-2023-40400 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-22 | N/A | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-28531 | 2 Netapp, Openbsd | 4 Brocade Fabric Operating System, Hci Bootstrap Os, Solidfire Element Os and 1 more | 2023-12-22 | N/A | 9.8 CRITICAL |
| ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. | |||||
| CVE-2023-21263 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21163 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40082 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21401 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21162 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21228 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21164 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21403 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21217 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21216 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21402 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21218 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35690 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21166 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21215 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-6553 | 1 Backupbliss | 1 Backup Migration | 2023-12-21 | N/A | 9.8 CRITICAL |
| The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. | |||||
| CVE-2022-21849 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-21 | 9.3 HIGH | 9.8 CRITICAL |
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-21898 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2019 | 2023-12-21 | 10.0 HIGH | 9.8 CRITICAL |
| DirectX Graphics Kernel Remote Code Execution Vulnerability | |||||
| CVE-2022-21969 | 1 Microsoft | 1 Exchange Server | 2023-12-21 | 7.7 HIGH | 9.0 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
