Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1464 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 2.1 LOW | 7.8 HIGH |
| <p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.</p> <p>In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.</p> <p>The update addresses the vulnerability by correcting how Windows validates file signatures.</p> | |||||
| CVE-2020-1459 | 1 Microsoft | 1 Windows 10 | 2024-01-04 | 2.1 LOW | 7.5 HIGH |
| <p>An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation."</p> <p>To exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application.</p> <p>The security update addresses the vulnerability by bypassing the speculative execution.</p> | |||||
| CVE-2020-1380 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2024-01-04 | 7.6 HIGH | 7.8 HIGH |
| <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> | |||||
| CVE-2020-1378 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 7.2 HIGH | 7.5 HIGH |
| <p>An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p> <p>A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.</p> <p>The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.</p> | |||||
| CVE-2020-1377 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 7.2 HIGH | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p> <p>A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.</p> <p>The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.</p> | |||||
| CVE-2020-1339 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 9.3 HIGH | 7.8 HIGH |
| <p>A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects.</p> | |||||
| CVE-2020-1337 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 7.2 HIGH | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p> <p>The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.</p> | |||||
| CVE-2020-1182 | 1 Microsoft | 1 Dynamics 365 For Finance And Operations | 2024-01-04 | 6.0 MEDIUM | 7.3 HIGH |
| <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server.</p> <p>An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.</p> | |||||
| CVE-2020-1046 | 1 Microsoft | 8 .net Framework, Windows 10, Windows 7 and 5 more | 2024-01-04 | 9.3 HIGH | 7.8 HIGH |
| <p>A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.</p> <p>To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application.</p> <p>The security update addresses the vulnerability by correcting how .NET Framework processes input.</p> | |||||
| CVE-2020-0604 | 1 Microsoft | 1 Visual Studio Code | 2024-01-04 | 9.3 HIGH | 7.8 HIGH |
| <p>A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal.</p> <p>The update address the vulnerability by modifying the way Visual Studio Code handles environment variables.</p> | |||||
| CVE-2023-47091 | 1 Stormshield | 1 Network Security | 2024-01-04 | N/A | 7.5 HIGH |
| An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible. | |||||
| CVE-2023-49226 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-01-03 | N/A | 7.2 HIGH |
| An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root. | |||||
| CVE-2023-36486 | 1 Ilias | 1 Ilias | 2024-01-03 | N/A | 8.8 HIGH |
| The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | |||||
| CVE-2023-36485 | 1 Ilias | 1 Ilias | 2024-01-03 | N/A | 8.8 HIGH |
| The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | |||||
| CVE-2023-38321 | 1 Sierrawireless | 6 Aleos, Lx40, Lx60 and 3 more | 2024-01-03 | N/A | 7.5 HIGH |
| OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. | |||||
| CVE-2023-49880 | 1 Ibm | 1 Financial Transaction Manager | 2024-01-03 | N/A | 7.5 HIGH |
| In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183. | |||||
| CVE-2023-43064 | 1 Ibm | 1 I | 2024-01-03 | N/A | 7.8 HIGH |
| Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. | |||||
| CVE-2022-39822 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | N/A | 8.8 HIGH |
| In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation. | |||||
| CVE-2022-39818 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | N/A | 8.8 HIGH |
| In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system. | |||||
| CVE-2016-15036 | 1 Deis | 1 Workflow Manager | 2024-01-03 | N/A | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-49328 | 2 Linux, Wolterskluwer | 2 Linux Kernel, B.point | 2024-01-03 | N/A | 7.2 HIGH |
| On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module. | |||||
| CVE-2023-51772 | 1 Oneidentity | 1 Password Manager | 2024-01-03 | N/A | 8.8 HIGH |
| One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. | |||||
| CVE-2023-28872 | 1 Ncp-e | 1 Secure Enterprise Client | 2024-01-03 | N/A | 8.8 HIGH |
| Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. | |||||
| CVE-2023-24609 | 2 Matrixssl, Rambus | 2 Matrixssl, Tls Toolkit | 2024-01-03 | N/A | 7.5 HIGH |
| Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. | |||||
| CVE-2023-7094 | 1 Netentsec | 1 Application Security Gateway | 2024-01-03 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7090 | 1 Sudo Project | 1 Sudo | 2024-01-03 | N/A | 8.8 HIGH |
| A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. | |||||
| CVE-2023-50254 | 1 Deepin | 1 Deepin Reader | 2024-01-03 | N/A | 7.8 HIGH |
| Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. | |||||
| CVE-2023-51650 | 1 Dromara | 1 Hertzbeat | 2024-01-03 | N/A | 7.5 HIGH |
| Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue. | |||||
| CVE-2023-51662 | 1 Snowflake | 1 Snowflake Connector | 2024-01-03 | N/A | 7.5 HIGH |
| The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. | |||||
| CVE-2023-51387 | 1 Dromara | 1 Hertzbeat | 2024-01-03 | N/A | 8.8 HIGH |
| Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1. | |||||
| CVE-2023-42465 | 1 Sudo Project | 1 Sudo | 2024-01-03 | N/A | 7.0 HIGH |
| Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | |||||
| CVE-2023-41097 | 1 Silabs | 1 Gecko Software Development Kit | 2024-01-03 | N/A | 7.5 HIGH |
| An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | |||||
| CVE-2023-6348 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-01-03 | N/A | 8.8 HIGH |
| Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4911 | 3 Fedoraproject, Gnu, Redhat | 4 Fedora, Glibc, Enterprise Linux and 1 more | 2024-01-03 | N/A | 7.8 HIGH |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | |||||
| CVE-2023-4320 | 1 Redhat | 1 Satellite | 2024-01-03 | N/A | 7.5 HIGH |
| An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. | |||||
| CVE-2023-4692 | 2 Gnu, Redhat | 2 Grub2, Enterprise Linux | 2024-01-03 | N/A | 7.8 HIGH |
| An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. | |||||
| CVE-2022-47502 | 1 Apache | 1 Openoffice | 2024-01-03 | N/A | 7.8 HIGH |
| Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. | |||||
| CVE-2022-43680 | 4 Debian, Fedoraproject, Libexpat Project and 1 more | 18 Debian Linux, Fedora, Libexpat and 15 more | 2024-01-03 | N/A | 7.5 HIGH |
| In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | |||||
| CVE-2023-3812 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-01-03 | N/A | 7.8 HIGH |
| An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2023-7138 | 1 Code-projects | 1 Client Details System | 2024-01-03 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability. | |||||
| CVE-2023-7137 | 1 Code-projects | 1 Client Details System | 2024-01-03 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140. | |||||
| CVE-2023-7155 | 1 Mayurik | 1 Free And Open Source Inventory Management System | 2024-01-03 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability. | |||||
| CVE-2023-49938 | 1 Schedmd | 1 Slurm | 2024-01-03 | N/A | 8.2 HIGH |
| An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7. | |||||
| CVE-2023-49936 | 1 Schedmd | 1 Slurm | 2024-01-03 | N/A | 7.5 HIGH |
| An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. | |||||
| CVE-2023-49935 | 1 Schedmd | 1 Slurm | 2024-01-03 | N/A | 8.8 HIGH |
| An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1. | |||||
| CVE-2023-49933 | 1 Schedmd | 1 Slurm | 2024-01-03 | N/A | 7.5 HIGH |
| An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. | |||||
| CVE-2023-51661 | 1 Wasmer | 1 Wasmer | 2024-01-03 | N/A | 8.6 HIGH |
| Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. | |||||
| CVE-2023-43116 | 1 Buildkite | 1 Elastic Ci Stack | 2024-01-03 | N/A | 7.8 HIGH |
| A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | |||||
| CVE-2023-43741 | 1 Buildkite | 1 Elastic Ci Stack | 2024-01-03 | N/A | 7.0 HIGH |
| A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | |||||
| CVE-2023-48298 | 1 Clickhouse | 2 Clickhouse, Clickhouse Cloud | 2024-01-03 | N/A | 7.5 HIGH |
| ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited. | |||||