Total: 2821 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20900 | 6 Debian, Fedoraproject, Linux and 3 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2024-01-12 | N/A | 7.5 HIGH |
| A malicious actor that has been granted [Guest Operation Privileges](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged [Guest Alias](https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html). | |||||
| CVE-2023-46167 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. | |||||
| CVE-2023-29258 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. | |||||
| CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-01-11 | N/A | 7.8 HIGH |
| IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | |||||
| CVE-2023-47039 | 2 Microsoft, Perl | 2 Windows, Perl | 2024-01-08 | N/A | 7.8 HIGH |
| A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | |||||
| CVE-2023-32214 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-01-07 | N/A | 7.5 HIGH |
| Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2021-36958 | 1 Microsoft | 1 Windows | 2023-12-28 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | |||||
| CVE-2022-24765 | 5 Apple, Debian, Fedoraproject and 2 more | 5 Xcode, Debian Linux, Fedora and 2 more | 2023-12-27 | 6.9 MEDIUM | 7.8 HIGH |
| Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | |||||
| CVE-2023-40372 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499. | |||||
| CVE-2023-40374 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575. | |||||
| CVE-2023-40373 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574. | |||||
| CVE-2023-38728 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258. | |||||
| CVE-2023-38740 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613. | |||||
| CVE-2023-38720 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. | |||||
| CVE-2023-30987 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440. | |||||
| CVE-2023-30991 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037. | |||||
| CVE-2023-47704 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | |||||
| CVE-2023-47706 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 8.8 HIGH |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. | |||||
| CVE-2023-3955 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2023-12-21 | N/A | 8.8 HIGH |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | |||||
| CVE-2023-46803 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). | |||||
| CVE-2023-46804 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). | |||||
| CVE-2023-41151 | 2 Microsoft, Softing | 4 Windows, Opc, Opc Ua C++ Software Development Kit and 1 more | 2023-12-19 | N/A | 7.5 HIGH |
| An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. | |||||
| CVE-2023-48676 | 2 Acronis, Microsoft | 2 Cyber Protect Cloud Agent, Windows | 2023-12-19 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943. | |||||
| CVE-2023-48632 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-12-16 | N/A | 7.8 HIGH |
| Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-48633 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-12-16 | N/A | 7.8 HIGH |
| Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-48634 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-12-16 | N/A | 7.8 HIGH |
| Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-6753 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2023-12-15 | N/A | 8.8 HIGH |
| Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. | |||||
| CVE-2023-47074 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47063 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47075 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. | |||||
| CVE-2023-45283 | 2 Golang, Microsoft | 2 Go, Windows | 2023-12-14 | N/A | 7.5 HIGH |
| The filepath package does not recognize paths with a `\??\` prefix as special. On Windows, a path beginning with `\??\` is a Root Local Device path equivalent to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to access arbitrary locations on the system. For example, the path `\??\c:\x` is equivalent to the more common path `c:\x`. Before the fix, Clean could convert a rooted path such as `\a\..\??\b` into the root local device path `\??\b`. Clean will now convert this to `.\??\b`. Similarly, `Join(\, ??, b)` could convert a seemingly innocent sequence of path elements into the root local device path `\??\b`. Join will now convert this to `\.\??\b`. In addition, with the fix, IsAbs now correctly reports paths beginning with `\??\` as absolute, and VolumeName correctly reports the `\??\` prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with `\?`, resulting in `filepath.Clean(\?\c:)` returning `\?\c:` rather than `\?\c:\` (among other effects). The previous behavior has been restored. | |||||
| CVE-2023-48861 | 2 Baidu, Microsoft | 2 Ttplayer, Windows | 2023-12-11 | N/A | 7.8 HIGH |
| DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. | |||||
| CVE-2023-45252 | 2 Huddly, Microsoft | 2 Huddlycameraservice, Windows | 2023-12-08 | N/A | 7.8 HIGH |
| DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges. | |||||
| CVE-2023-45253 | 2 Huddly, Microsoft | 2 Huddlycameraservices, Windows | 2023-12-08 | N/A | 7.8 HIGH |
| An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, that allows attackers to manipulate files and escalate privileges via the RollingFileAppender.DeleteFile method performed by the log4net library. | |||||
| CVE-2019-0232 | 2 Apache, Microsoft | 2 Tomcat, Windows | 2023-12-08 | 9.3 HIGH | 8.1 HIGH |
| When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/). | |||||
| CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2023-12-07 | N/A | 7.8 HIGH |
| EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | |||||
| CVE-2023-47701 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. | |||||
| CVE-2023-38727 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. | |||||
| CVE-2023-40687 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-07 | N/A | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. | |||||
| CVE-2023-4770 | 2 4d, Microsoft | 3 4d, Server, Windows | 2023-12-06 | N/A | 7.8 HIGH |
| An uncontrolled search path element vulnerability has been found in 4D and 4D server Windows executable applications, affecting version 19 R8 100218. This vulnerability consists of DLL hijacking by replacing x64 shfolder.dll in the installation path, causing arbitrary code execution. | |||||
| CVE-2023-44330 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-12-05 | N/A | 7.8 HIGH |
| Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-40699 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-04 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. | |||||
| CVE-2023-38268 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-04 | N/A | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. | |||||
| CVE-2023-47047 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2023-12-04 | N/A | 7.8 HIGH |
| Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47264 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-12-01 | N/A | 7.5 HIGH |
| Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later. | |||||
| CVE-2023-49322 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2023-12-01 | N/A | 7.5 HIGH |
| Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. | |||||
| CVE-2023-47263 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-12-01 | N/A | 7.5 HIGH |
| Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later. | |||||
| CVE-2023-3676 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2023-11-30 | N/A | 8.8 HIGH |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | |||||
| CVE-2023-27305 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2023-11-30 | N/A | 7.8 HIGH |
| Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
