Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37982 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.8 HIGH |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2022-37980 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2022 | 2023-12-20 | N/A | 7.8 HIGH |
| Windows DHCP Client Elevation of Privilege Vulnerability | |||||
| CVE-2022-37979 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-20 | N/A | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2022-37978 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.5 HIGH |
| Windows Active Directory Certificate Services Security Feature Bypass | |||||
| CVE-2022-37976 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-20 | N/A | 8.8 HIGH |
| Active Directory Certificate Services Elevation of Privilege Vulnerability | |||||
| CVE-2022-37975 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.8 HIGH |
| Windows Group Policy Elevation of Privilege Vulnerability | |||||
| CVE-2022-37973 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2022 | 2023-12-20 | N/A | 7.7 HIGH |
| Windows Local Session Manager (LSM) Denial of Service Vulnerability | |||||
| CVE-2022-37971 | 1 Microsoft | 1 Malware Protection Engine | 2023-12-20 | N/A | 7.1 HIGH |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||
| CVE-2022-37970 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2023-12-20 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2022-34689 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.5 HIGH |
| Windows CryptoAPI Spoofing Vulnerability | |||||
| CVE-2022-33645 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.5 HIGH |
| Windows TCP/IP Driver Denial of Service Vulnerability | |||||
| CVE-2022-33635 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.8 HIGH |
| Windows GDI+ Remote Code Execution Vulnerability | |||||
| CVE-2022-33634 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-30198 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-24504 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-22035 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-41082 | 1 Microsoft | 1 Exchange Server | 2023-12-20 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2022-41040 | 1 Microsoft | 1 Exchange Server | 2023-12-20 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2022-37972 | 1 Microsoft | 1 Endpoint Configuration Manager | 2023-12-20 | N/A | 7.5 HIGH |
| Microsoft Endpoint Configuration Manager Spoofing Vulnerability | |||||
| CVE-2022-38019 | 1 Microsoft | 1 Av1 Video Extension | 2023-12-20 | N/A | 7.8 HIGH |
| AV1 Video Extension Remote Code Execution Vulnerability | |||||
| CVE-2022-38013 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2023-12-20 | N/A | 7.5 HIGH |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2022-38011 | 1 Microsoft | 3 Raw Image Extension, Windows 10, Windows 11 | 2023-12-20 | N/A | 7.3 HIGH |
| Raw Image Extension Remote Code Execution Vulnerability | |||||
| CVE-2022-38007 | 1 Microsoft | 2 Azure Arc, Azure Guest Configuration | 2023-12-20 | N/A | 7.8 HIGH |
| Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | |||||
| CVE-2022-35828 | 1 Microsoft | 1 Defender For Endpoint | 2023-12-20 | N/A | 7.8 HIGH |
| Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | |||||
| CVE-2022-26929 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2023-12-20 | N/A | 7.8 HIGH |
| .NET Framework Remote Code Execution Vulnerability | |||||
| CVE-2023-31937 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. | |||||
| CVE-2023-31936 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file. | |||||
| CVE-2023-31933 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file. | |||||
| CVE-2023-31932 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. | |||||
| CVE-2023-6891 | 1 Peazip | 1 Peazip | 2023-12-20 | N/A | 7.8 HIGH |
| A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release. | |||||
| CVE-2023-6893 | 1 Hikvision | 30 Ds-kd-bk, Ds-kd-dis, Ds-kd-e and 27 more | 2023-12-20 | N/A | 7.5 HIGH |
| A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252. | |||||
| CVE-2022-47085 | 1 Ostree Project | 1 Ostree | 2023-12-20 | N/A | 7.5 HIGH |
| An issue discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. | |||||
| CVE-2023-5379 | 1 Redhat | 3 Jboss Enterprise Application Platform, Single Sign-on, Undertow | 2023-12-20 | N/A | 7.5 HIGH |
| A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS). | |||||
| CVE-2023-6773 | 1 Codeastro | 1 Pos And Inventory Management System | 2023-12-20 | N/A | 8.8 HIGH |
| A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability. | |||||
| CVE-2023-50444 | 1 Primx | 3 Zed!, Zedmail, Zonecentral | 2023-12-20 | N/A | 7.5 HIGH |
| By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force. | |||||
| CVE-2022-1800 | 1 Soflyy | 1 Export Any Wordpress Data To Xml/csv | 2023-12-20 | 6.5 MEDIUM | 7.2 HIGH |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. | |||||
| CVE-2023-5574 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2023-12-20 | N/A | 7.0 HIGH |
| A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from screen 1 to screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. | |||||
| CVE-2023-44487 | 31 Akka, Amazon, Apache and 28 more | 127 Http Server, Opensearch Data Prepper, Apisix and 124 more | 2023-12-20 | N/A | 7.5 HIGH |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |||||
| CVE-2023-39340 | 1 Ivanti | 1 Connect Secure | 2023-12-20 | N/A | 7.5 HIGH |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | |||||
| CVE-2021-42797 | 1 Aveva | 1 Edge | 2023-12-20 | N/A | 7.5 HIGH |
| Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources. | |||||
| CVE-2020-17483 | 1 Uffizio | 1 Gps Tracker | 2023-12-20 | N/A | 7.5 HIGH |
| An improper access control vulnerability exists in all versions of Uffizio's GPS Tracker that leads to sensitive information disclosure of all the connected devices. Visiting the vulnerable host on port 9000 returns a JSON body with all the details about the devices that have been deployed. | |||||
| CVE-2023-5869 | 2 Postgresql, Redhat | 21 Postgresql, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 18 more | 2023-12-20 | N/A | 8.8 HIGH |
| A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. | |||||
| CVE-2023-39417 | 3 Debian, Postgresql, Redhat | 4 Debian Linux, Postgresql, Enterprise Linux and 1 more | 2023-12-20 | N/A | 8.8 HIGH |
| In the extension script, a SQL injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | |||||
| CVE-2023-42799 | 1 Moonlight-stream | 7 Moonlight, Moonlight-common-c, Moonlight Embedded and 4 more | 2023-12-20 | N/A | 8.8 HIGH |
| Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e. | |||||
| CVE-2023-48375 | 1 Csharp | 1 Cws Collaborative Development Platform | 2023-12-20 | N/A | 8.8 HIGH |
| SmartStar Software CWS is a web-based integration platform. It has a missing-authorization vulnerability: users are able to access data or perform actions via commands that they should not be allowed to perform. An authenticated user with normal privileges can execute administrator-privileged operations, resulting in arbitrary system operations or disruption of service. | |||||
| CVE-2022-42003 | 4 Debian, Fasterxml, Netapp and 1 more | 4 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 1 more | 2023-12-20 | N/A | 7.5 HIGH |
| In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | |||||
| CVE-2023-49355 | 1 Jqlang | 1 Jq | 2023-12-20 | N/A | 7.5 HIGH |
| decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation. | |||||
| CVE-2023-49855 | 1 Binarycarpenter | 1 Menu Bar Cart Icon For Woocommerce | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3. | |||||
| CVE-2023-49854 | 1 Madebytribe | 1 Caddy | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce. This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7. | |||||
| CVE-2023-49844 | 1 Reviewsignal | 1 Wpperformancetester | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester. This issue affects WPPerformanceTester: from n/a through 2.0.0. | |||||
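The CVE-2023-44487 row above describes the HTTP/2 "Rapid Reset" pattern (many streams opened and cancelled quickly) but not how to spot it. The following is an added example, not part of the CVE record and not code from any of the listed vendors: it parses raw HTTP/2 frame headers from a per-connection byte stream and flags a connection once its RST_STREAM count inside a sliding window passes a cap. All traffic is constructed for the demo, and the cap and window size are assumed tuning values, not a vendor recommendation.

```python
"""Added example, not part of the listed CVE record or any vendor code:
a rate-based detector for the HTTP/2 Rapid Reset pattern (CVE-2023-44487).
It walks raw HTTP/2 frames on a per-connection byte stream and flags a
connection once its RST_STREAM count inside a sliding window passes a cap.
All traffic below is constructed for the demo; the cap and window are
assumed tuning values, not a vendor recommendation."""
import struct
from collections import deque

HEADERS_FRAME = 0x1
RST_STREAM_FRAME = 0x3
FRAME_HEADER_LEN = 9  # RFC 9113 s4.1: 24-bit length, type, flags, R + 31-bit stream id
END_STREAM_END_HEADERS = 0x5  # END_STREAM | END_HEADERS flags on a HEADERS frame
ERR_CANCEL = 0x8


def build_frame(ftype, stream_id, payload=b"", flags=0):
    """Serialize one HTTP/2 frame header plus payload."""
    length = struct.pack("!I", len(payload))[1:]  # low 24 bits, big-endian
    return length + bytes([ftype, flags]) + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload


def iter_frames(data):
    """Yield (type, flags, stream_id, payload) for every complete frame in data."""
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack("!I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break  # truncated trailing frame: wait for more bytes
        yield ftype, flags, stream_id, payload
        off += FRAME_HEADER_LEN + length


class RapidResetDetector:
    """Per-connection sliding-window counter of client-sent RST_STREAM frames."""

    def __init__(self, max_resets, window_s):
        self.max_resets = max_resets
        self.window_s = window_s
        self._resets = {}  # conn_id -> deque of timestamps, oldest first

    def observe(self, conn_id, ts, ftype):
        """Record one frame; return True when this connection exceeds the cap."""
        if ftype != RST_STREAM_FRAME:
            return False
        window = self._resets.setdefault(conn_id, deque())
        window.append(ts)
        while window and ts - window[0] > self.window_s:
            window.popleft()
        return len(window) > self.max_resets


def demo_events():
    """Constructed traffic as (conn_id, timestamp, bytes), in per-connection time order."""
    events = []
    # "benign": three requests and a single cancellation.
    for i, sid in enumerate((1, 3, 5)):
        events.append(("benign", 0.1 * i, build_frame(HEADERS_FRAME, sid, b"\x82\x84", END_STREAM_END_HEADERS)))
    events.append(("benign", 0.4, build_frame(RST_STREAM_FRAME, 3, struct.pack("!I", ERR_CANCEL))))
    # "flood": 300 request/cancel pairs inside 0.3 s, the Rapid Reset shape.
    for i in range(300):
        sid = 2 * i + 1
        pair = (build_frame(HEADERS_FRAME, sid, b"\x82\x84", END_STREAM_END_HEADERS)
                + build_frame(RST_STREAM_FRAME, sid, struct.pack("!I", ERR_CANCEL)))
        events.append(("flood", 0.001 * i, pair))
    return events


def flagged_connections(events, max_resets=100, window_s=1.0):
    """Return the set of connections whose reset rate crossed the cap."""
    detector = RapidResetDetector(max_resets, window_s)
    flagged = set()
    for conn_id, ts, data in events:
        for ftype, _flags, _sid, _payload in iter_frames(data):
            if detector.observe(conn_id, ts, ftype):
                flagged.add(conn_id)
    return flagged


if __name__ == "__main__":
    print(sorted(flagged_connections(demo_events())))  # ['flood']
```

The detector keys on the client side of the stream only; a server that cancels streams of its own is not counted. Counting RST_STREAM per connection rather than per stream is the point: the individual cancellations are all protocol-legal, and only the rate across one connection distinguishes the attack from a client that genuinely abandons a request.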
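The CVE-2023-39417 row above says that @extschema@ or @extowner@ used inside a quoting construct in an extension script is injectable, without showing why. The following is an added illustration, not PostgreSQL source code: substitute() mimics the server's textual replacement of the placeholders, split_statements() is a simplified splitter (single-quoted strings, bare $$ bodies and -- comments only) that shows how a crafted schema name breaks out of a dollar-quoted body and adds a statement, and the hardened path applies the rule adopted in the fixed releases (refuse to substitute a name containing a quote, backslash or dollar sign). The script, schema names and role name are constructed.

```python
"""Added example, an illustration rather than PostgreSQL source code: how a
placeholder substituted inside a quoting construct in an extension script
(CVE-2023-39417) lets a schema name smuggle extra statements past the
script author, and the name check that closes it. substitute() mimics the
server's textual replacement of @extschema@ / @extowner@; the hardened
path applies the rule adopted in the fixed releases (refuse names that
contain a quote, backslash or dollar sign). The script, schema names and
role name are constructed; split_statements() is a simplified splitter
that understands only '...' strings, bare $$ bodies and -- comments."""

UNSAFE_CHARS = set("\"'\\$")

# Constructed extension script: the placeholder sits inside a dollar-quoted body.
SCRIPT = """CREATE FUNCTION hello() RETURNS text LANGUAGE sql
    AS $$ SELECT 'hello from @extschema@' $$;"""


def substitute(script, extschema, extowner, *, harden):
    """Expand placeholders the way the server does, optionally with the fix's name check."""
    if harden:
        for name in (extschema, extowner):
            if UNSAFE_CHARS & set(name):
                raise ValueError(f"refusing to substitute unsafe name {name!r} into extension script")
    return script.replace("@extschema@", extschema).replace("@extowner@", extowner)


def split_statements(sql):
    """Split on ';' outside single-quoted strings, $$ bodies and -- comments."""
    stmts, buf = [], []
    in_str = in_dollar = in_comment = False
    i = 0
    while i < len(sql):
        ch, pair = sql[i], sql[i:i + 2]
        if in_comment:
            in_comment = ch != "\n"          # comment text is dropped
        elif in_str:
            buf.append(ch)
            in_str = ch != "'"
        elif in_dollar:
            if pair == "$$":                 # a $$ inside the body closes it
                buf.append(pair)
                in_dollar = False
                i += 1
            else:
                buf.append(ch)
        elif pair == "--":
            in_comment = True
            i += 1
        elif pair == "$$":
            buf.append(pair)
            in_dollar = True
            i += 1
        elif ch == "'":
            buf.append(ch)
            in_str = True
        elif ch == ";":
            if "".join(buf).strip():
                stmts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    if "".join(buf).strip():
        stmts.append("".join(buf).strip())
    return stmts


def expanded_statements(extschema, harden):
    """Statements the server would run after substituting extschema into SCRIPT."""
    return split_statements(substitute(SCRIPT, extschema, "ext_owner", harden=harden))


if __name__ == "__main__":
    crafted = "evil$$; ALTER ROLE mallory SUPERUSER; --"
    for stmt in expanded_statements(crafted, harden=False):
        print(stmt)
```

With the schema name `evil$$; ALTER ROLE mallory SUPERUSER; --` the substituted body becomes `$$ SELECT 'hello from evil$$; ALTER ROLE mallory SUPERUSER; --' $$`: the `$$` carried in by the name closes the function body early, the ALTER ROLE runs as the user executing the script (the bootstrap superuser for a trusted extension), and the `--` comments out the leftover quoting. The hardened path never reaches the script because the name fails the character check.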
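The CVE-2022-42003 row above names the hazard (deep wrapper-array nesting reaching a primitive deserializer with UNWRAP_SINGLE_VALUE_ARRAYS on, with no depth check) but not its shape. The following is an added example in miniature, not jackson-databind code: recursive_unwrap() is the uncapped form, where every wrapper array costs one stack frame so input depth becomes stack depth, and unwrap_single_value() is the capped, iterative form. The inputs are constructed and the 1000-level cap is an assumed value, not a library constant.

```python
"""Added example, not jackson-databind code: the nesting hazard behind
CVE-2022-42003 in miniature. With UNWRAP_SINGLE_VALUE_ARRAYS a primitive
deserializer accepts [[[1]]] as 1; if it recurses once per wrapper with no
depth cap, input depth becomes stack depth. recursive_unwrap() is the
uncapped shape, unwrap_single_value() the capped, iterative one. The
inputs are constructed; the 1000-level cap is an assumed value."""
import re

MAX_WRAPPER_DEPTH = 1000  # assumed cap, not a library constant
_SCALAR = re.compile(r"(-?\d+(?:\.\d+)?|true|false|null)")


def recursive_unwrap(text):
    """Uncapped: one stack frame per wrapper array (the vulnerable shape)."""
    s = text.strip()
    if s.startswith("[") and s.endswith("]"):
        return recursive_unwrap(s[1:-1])
    m = _SCALAR.fullmatch(s)
    if not m:
        raise ValueError("not a single-value wrapper")
    return m.group(1)


def unwrap_single_value(text, max_depth=MAX_WRAPPER_DEPTH):
    """Capped and iterative: count '[' before the scalar, reject past max_depth."""
    i, n, depth = 0, len(text), 0
    while i < n and text[i] in " \t\r\n[":
        if text[i] == "[":
            depth += 1
            if depth > max_depth:
                raise ValueError(f"wrapper array nesting exceeds {max_depth}")
        i += 1
    j, closing = n, 0
    while j > i and text[j - 1] in " \t\r\n]":
        if text[j - 1] == "]":
            closing += 1
        j -= 1
    if closing != depth:
        raise ValueError("unbalanced wrapper arrays")
    m = _SCALAR.fullmatch(text[i:j].strip())
    if not m:
        raise ValueError("not a single-value wrapper")
    return m.group(1)


def nested(value, depth):
    """Build a scalar wrapped in `depth` single-element arrays (constructed input)."""
    return "[" * depth + value + "]" * depth


if __name__ == "__main__":
    print(unwrap_single_value("[[[42]]]"))  # 42
```

The capped version walks the opening brackets once, so a hostile document costs time and memory proportional to its length but never stack depth; the cap itself is what turns an unbounded-recursion crash into a clean parse error that the caller can handle.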
