Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40486 | 1 Microsoft | 6 Office, Office Online Server, Office Web Apps Server and 3 more | 2023-08-01 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-31946 | 1 Microsoft | 1 Paint 3d | 2023-08-01 | 6.8 MEDIUM | 7.8 HIGH |
| Paint 3D Remote Code Execution Vulnerability | |||||
| CVE-2021-31949 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2023-08-01 | 6.8 MEDIUM | 7.3 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2021-31951 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-08-01 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-31976 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-08-01 | 7.8 HIGH | 7.5 HIGH |
| Server for NFS Information Disclosure Vulnerability | |||||
| CVE-2021-36970 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2023-08-01 | 4.3 MEDIUM | 8.8 HIGH |
| Windows Print Spooler Spoofing Vulnerability | |||||
| CVE-2023-32012 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2023-08-01 | N/A | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-31982 | 1 Microsoft | 1 Edge Chromium | 2023-08-01 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2023-24936 | 1 Microsoft | 14 .net, .net Framework, Windows 10 1507 and 11 more | 2023-08-01 | N/A | 7.5 HIGH |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2023-38410 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-08-01 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges. | |||||
| CVE-2023-32364 | 1 Apple | 1 Macos | 2023-08-01 | N/A | 8.6 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2023-32418 | 1 Apple | 1 Macos | 2023-08-01 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-32441 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-01 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-3417 | 2 Debian, Mozilla | 2 Debian Linux, Thunderbird | 2023-08-01 | N/A | 7.5 HIGH |
| Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1. | |||||
| CVE-2023-37915 | 1 Objectcomputing | 1 Opendds | 2023-08-01 | N/A | 7.5 HIGH |
| OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-0009 | 1 Paloaltonetworks | 1 Globalprotect | 2023-07-31 | N/A | 7.8 HIGH |
| A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. | |||||
| CVE-2023-30446 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-07-31 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361 . | |||||
| CVE-2023-30447 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-07-31 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436. | |||||
| CVE-2023-30449 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-07-31 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439. | |||||
| CVE-2023-30448 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-07-31 | N/A | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437. | |||||
| CVE-2023-30442 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-07-31 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202. | |||||
| CVE-2023-30445 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-07-31 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357. | |||||
| CVE-2023-28513 | 5 Hp, Ibm, Linux and 2 more | 9 Hp-ux, Aix, I and 6 more | 2023-07-31 | N/A | 7.5 HIGH |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. | |||||
| CVE-2023-31462 | 1 Steelseries | 1 Gg | 2023-07-31 | N/A | 8.8 HIGH |
| An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges. | |||||
| CVE-2023-37916 | 1 Fit2cloud | 1 Kubepi | 2023-07-31 | N/A | 7.5 HIGH |
| KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-32046 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-07-31 | N/A | 7.8 HIGH |
| Windows MSHTML Platform Elevation of Privilege Vulnerability | |||||
| CVE-2023-37917 | 1 Fit2cloud | 1 Kubepi | 2023-07-31 | N/A | 8.8 HIGH |
| KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-22505 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2023-07-31 | N/A | 8.8 HIGH |
| This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).] You can download the latest version of Confluence Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] This vulnerability was discovered by a private user and reported via our Bug Bounty program. | |||||
| CVE-2022-28735 | 1 Gnu | 1 Grub2 | 2023-07-28 | N/A | 7.8 HIGH |
| The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. | |||||
| CVE-2023-3467 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2023-07-28 | N/A | 8.0 HIGH |
| Privilege Escalation to root administrator (nsroot) | |||||
| CVE-2023-30799 | 1 Mikrotik | 1 Routeros | 2023-07-28 | N/A | 7.2 HIGH |
| MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system. | |||||
| CVE-2023-22060 | 1 Oracle | 1 Hyperion Workspace | 2023-07-27 | N/A | 7.6 HIGH |
| Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Workspace accessible data as well as unauthorized access to critical data or complete access to all Oracle Hyperion Workspace accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Workspace. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L). | |||||
| CVE-2023-22023 | 1 Oracle | 1 Solaris | 2023-07-27 | N/A | 7.8 HIGH |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2023-22014 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2023-07-27 | N/A | 8.4 HIGH |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2023-22047 | 1 Oracle | 1 Peoplesoft Enterprise | 2023-07-27 | N/A | 7.5 HIGH |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2023-22062 | 1 Oracle | 1 Hyperion | 2023-07-27 | N/A | 8.5 HIGH |
| Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L). | |||||
| CVE-2023-32414 | 1 Apple | 1 Macos | 2023-07-27 | N/A | 8.6 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox. | |||||
| CVE-2023-32397 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-07-27 | N/A | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system. | |||||
| CVE-2023-23525 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-07-27 | N/A | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to gain root privileges. | |||||
| CVE-2023-32357 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-07-27 | N/A | 7.1 HIGH |
| An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked. | |||||
| CVE-2023-32353 | 1 Apple | 1 Itunes | 2023-07-27 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges. | |||||
| CVE-2023-23532 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-07-27 | N/A | 8.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6. An app may be able to break out of its sandbox. | |||||
| CVE-2023-23516 | 1 Apple | 1 Macos | 2023-07-27 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-23496 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-07-27 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2 and iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2023-28181 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2023-07-27 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.4, macOS Big Sur 11.7.7, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-27967 | 1 Apple | 1 Xcode | 2023-07-27 | N/A | 8.6 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | |||||
| CVE-2023-23497 | 1 Apple | 1 Macos | 2023-07-27 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to gain root privileges. | |||||
| CVE-2023-27963 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2023-07-27 | N/A | 7.5 HIGH |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. | |||||
| CVE-2023-27960 | 1 Apple | 1 Mac Os X | 2023-07-27 | N/A | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand. | |||||
| CVE-2023-27935 | 1 Apple | 1 Macos | 2023-07-27 | N/A | 8.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution. | |||||