Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26604 | 1 Systemd Project | 1 Systemd | 2023-08-11 | N/A | 7.8 HIGH |
| systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. | |||||
| CVE-2023-35391 | 1 Microsoft | 3 .net, Asp.net Core, Visual Studio 2022 | 2023-08-11 | N/A | 7.5 HIGH |
| ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | |||||
| CVE-2023-38181 | 1 Microsoft | 1 Exchange Server | 2023-08-11 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2023-38184 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 7.5 HIGH |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |||||
| CVE-2023-38182 | 1 Microsoft | 1 Exchange Server | 2023-08-11 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-36533 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2023-08-11 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | |||||
| CVE-2023-35383 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2023-36866 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-11 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2023-36865 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-11 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2023-36905 | 1 Microsoft | 9 Windows 10, Windows 10 1607, Windows 10 1809 and 6 more | 2023-08-11 | N/A | 7.5 HIGH |
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | |||||
| CVE-2023-38154 | 1 Microsoft | 2 Windows 10 1809, Windows Server 2019 | 2023-08-11 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-36892 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-36876 | 1 Microsoft | 1 Windows Server 2008 | 2023-08-11 | N/A | 7.1 HIGH |
| Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36882 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 8.8 HIGH |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-36891 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-36913 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2023-38185 | 1 Microsoft | 1 Exchange Server | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-36895 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2023-36896 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2023-36912 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-38169 | 1 Microsoft | 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft OLE DB Remote Code Execution Vulnerability | |||||
| CVE-2023-38170 | 1 Microsoft | 1 Hevc Video Extensions | 2023-08-10 | N/A | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2023-36907 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Windows Cryptographic Services Information Disclosure Vulnerability | |||||
| CVE-2023-36906 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Windows Cryptographic Services Information Disclosure Vulnerability | |||||
| CVE-2023-36904 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-36898 | 1 Microsoft | 2 Windows 11 21h2, Windows 11 22h2 | 2023-08-10 | N/A | 7.8 HIGH |
| Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | |||||
| CVE-2023-29330 | 1 Microsoft | 1 Teams | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft Teams Remote Code Execution Vulnerability | |||||
| CVE-2023-29328 | 1 Microsoft | 1 Teams | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft Teams Remote Code Execution Vulnerability | |||||
| CVE-2023-35359 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35372 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2023-36900 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-35371 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2023-35379 | 1 Microsoft | 1 Windows Server 2008 | 2023-08-10 | N/A | 7.8 HIGH |
| Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | |||||
| CVE-2023-35380 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35381 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 8.8 HIGH |
| Windows Fax Service Remote Code Execution Vulnerability | |||||
| CVE-2023-35382 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35387 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2023-08-10 | N/A | 8.8 HIGH |
| Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-35386 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35357 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35358 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-2313 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-08-10 | N/A | 8.8 HIGH |
| Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High) | |||||
| CVE-2022-4906 | 1 Google | 1 Chrome | 2023-08-10 | N/A | 8.8 HIGH |
| Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2020-21514 | 1 Fluentd | 2 Fluentd, Fluentd-ui | 2023-08-10 | N/A | 8.8 HIGH |
| An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password. | |||||
| CVE-2023-4055 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2023-08-09 | N/A | 7.5 HIGH |
| When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2023-4047 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2023-08-09 | N/A | 8.8 HIGH |
| A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2023-33466 | 1 Orthanc-server | 1 Orthanc | 2023-08-09 | N/A | 8.8 HIGH |
| Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). | |||||
| CVE-2023-4168 | 1 Templatecookie | 1 Adlisting | 2023-08-09 | N/A | 7.5 HIGH |
| A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4169 | 1 Ruijie | 2 Rg-ew1200g, Rg-ew1200g Firmware | 2023-08-09 | N/A | 8.8 HIGH |
| A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-30297 | 1 N-able | 1 N-central | 2023-08-09 | N/A | 7.0 HIGH |
| An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. | |||||
| CVE-2022-46782 | 1 Stormshield | 1 Ssl Vpn Client | 2023-08-09 | N/A | 7.8 HIGH |
| An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. | |||||