Total: 6686 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23583 | 3 Debian, Intel, Netapp | 443 Debian Linux, Core I3-1005g1, Core I3-1005g1 Firmware and 440 more | 2023-12-16 | N/A | 7.8 HIGH |
| Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | |||||
| CVE-2023-48634 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-12-16 | N/A | 7.8 HIGH |
| Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-5058 | 1 Phoenix | 1 Securecore Technology | 2023-12-16 | N/A | 7.8 HIGH |
| Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. | |||||
| CVE-2023-36403 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-15 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-36405 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2023-12-15 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-36407 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2023-12-15 | N/A | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2023-36408 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2023-12-15 | N/A | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2023-36424 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-15 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-36425 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-15 | N/A | 8.0 HIGH |
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | |||||
| CVE-2023-36427 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2023-12-15 | N/A | 7.0 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2023-36705 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-15 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-35621 | 1 Microsoft | 1 Dynamics 365 | 2023-12-15 | N/A | 7.5 HIGH |
| Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | |||||
| CVE-2023-21740 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-15 | N/A | 7.8 HIGH |
| Windows Media Remote Code Execution Vulnerability | |||||
| CVE-2023-6759 | 1 Thecosy | 1 Icecms | 2023-12-15 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887. | |||||
| CVE-2020-12612 | 1 Beyondtrust | 1 Privilege Management For Windows | 2023-12-15 | N/A | 7.8 HIGH |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated. | |||||
| CVE-2020-12615 | 1 Beyondtrust | 1 Privilege Management For Windows | 2023-12-15 | N/A | 7.8 HIGH |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes. | |||||
| CVE-2023-35644 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2023-12-15 | N/A | 7.8 HIGH |
| Windows Sysmain Service Elevation of Privilege | |||||
| CVE-2023-35643 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-15 | N/A | 7.5 HIGH |
| DHCP Server Service Information Disclosure Vulnerability | |||||
| CVE-2023-35641 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-12-15 | N/A | 8.8 HIGH |
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35639 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-12-15 | N/A | 8.8 HIGH |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-36391 | 1 Microsoft | 1 Windows 11 23h2 | 2023-12-14 | N/A | 7.8 HIGH |
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-35638 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-14 | N/A | 7.5 HIGH |
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2023-35622 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2023-12-14 | N/A | 7.5 HIGH |
| Windows DNS Spoofing Vulnerability | |||||
| CVE-2023-35624 | 1 Microsoft | 1 Azure Connected Machine Agent | 2023-12-14 | N/A | 7.3 HIGH |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||
| CVE-2023-35628 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-14 | N/A | 8.1 HIGH |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
| CVE-2023-36696 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2023-12-14 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-35630 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-14 | N/A | 8.8 HIGH |
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35631 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2023-12-14 | N/A | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2023-35632 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2023-12-14 | N/A | 7.8 HIGH |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||
| CVE-2023-35634 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 | 2023-12-14 | N/A | 8.8 HIGH |
| Windows Bluetooth Driver Remote Code Execution Vulnerability | |||||
| CVE-2020-12614 | 1 Beyondtrust | 1 Privilege Management For Windows | 2023-12-14 | N/A | 7.8 HIGH |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator. | |||||
| CVE-2023-41118 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete. | |||||
| CVE-2023-45539 | 1 Haproxy | 1 Haproxy | 2023-12-14 | N/A | 8.2 HIGH |
| HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. | |||||
| CVE-2021-3187 | 2 Apple, Beyondtrust | 2 Mac Os X, Privilege Management For Mac | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra. Later versions of macOS are not vulnerable.) | |||||
| CVE-2020-12613 | 1 Beyondtrust | 1 Privilege Management For Windows | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user. | |||||
| CVE-2023-32028 | 1 Microsoft | 2 Ole Db Driver For Sql Server, Sql Server | 2023-12-14 | N/A | 7.8 HIGH |
| Microsoft SQL OLE DB Remote Code Execution Vulnerability | |||||
| CVE-2023-42899 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-14 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution. | |||||
| CVE-2023-34053 | 1 Vmware | 1 Spring Framework | 2023-12-14 | N/A | 7.5 HIGH |
| In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | |||||
| CVE-2023-5978 | 1 Freebsd | 1 Freebsd | 2023-12-14 | N/A | 7.5 HIGH |
| In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including entries not previously listed. This could permit the application to resolve domain names that were previously restricted. | |||||
| CVE-2023-41627 | 1 O-ran-sc | 1 Ric Message Router | 2023-12-14 | N/A | 7.5 HIGH |
| O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. | |||||
| CVE-2023-36585 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2023-12-14 | N/A | 7.5 HIGH |
| Windows upnphost.dll Denial of Service Vulnerability | |||||
| CVE-2023-43303 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43302 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43301 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43300 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43304 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-40446 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-13 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps. | |||||
| CVE-2022-24464 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2023-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-28296 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2023-12-13 | N/A | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-21808 | 1 Microsoft | 25 .net, .net Framework, Visual Studio 2017 and 22 more | 2023-12-13 | N/A | 7.8 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
