Total: 6056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5483 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-22 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-5479 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-22 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-5478 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-22 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-5485 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-22 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-5486 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-22 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-4764 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-22 | N/A | 6.5 MEDIUM |
| Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-5475 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-22 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2023-5477 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-22 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) | |||||
| CVE-2023-5850 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-22 | N/A | 4.3 MEDIUM |
| Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | |||||
| CVE-2023-40076 | 1 Google | 1 Android | 2023-12-22 | N/A | 5.5 MEDIUM |
| In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40098 | 1 Google | 1 Android | 2023-12-22 | N/A | 5.5 MEDIUM |
| In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40074 | 1 Google | 1 Android | 2023-12-22 | N/A | 5.5 MEDIUM |
| In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40075 | 1 Google | 1 Android | 2023-12-22 | N/A | 5.5 MEDIUM |
| In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2021-25736 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2023-12-21 | N/A | 6.3 MEDIUM |
| Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | |||||
| CVE-2023-34055 | 1 Vmware | 1 Spring Boot | 2023-12-21 | N/A | 6.5 MEDIUM |
| In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath | |||||
| CVE-2022-30949 | 1 Jenkins | 1 Repo | 2023-12-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | |||||
| CVE-2023-38140 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more | 2023-12-21 | N/A | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2023-6289 | 1 Swteplugins | 1 Swift Performance | 2023-12-21 | N/A | 4.3 MEDIUM |
| The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. | |||||
| CVE-2023-6065 | 1 Quttera | 1 Quttera Web Malware Scanner | 2023-12-21 | N/A | 5.3 MEDIUM |
| The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code. | |||||
| CVE-2023-6077 | 1 Wpfrank | 1 Slider Factory Pro | 2023-12-21 | N/A | 6.5 MEDIUM |
| The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts, such as private, draft and password-protected ones. | |||||
| CVE-2023-6894 | 1 Hikvision | 30 Ds-kd-bk, Ds-kd-dis, Ds-kd-e and 27 more | 2023-12-21 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability. | |||||
| CVE-2023-5310 | 1 Silabs | 3 Z-wave Long Range 700, Z-wave Long Range 800, Z-wave Software Development Kit | 2023-12-21 | N/A | 6.5 MEDIUM |
| A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. | |||||
| CVE-2018-2378 | 1 Sap | 1 Hana Extended Application Services | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption. | |||||
| CVE-2018-2377 | 1 Sap | 1 Hana Extended Application Services | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users. | |||||
| CVE-2018-2374 | 1 Sap | 1 Hana Extended Application Services | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space. | |||||
| CVE-2022-25320 | 1 Cerebrate-project | 1 Cerebrate | 2023-12-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Cerebrate through 1.4. Username enumeration could occur. | |||||
| CVE-2022-25319 | 1 Cerebrate-project | 1 Cerebrate | 2023-12-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled. | |||||
| CVE-2022-30159 | 1 Microsoft | 3 Office Online Server, Office Web Apps Server, Sharepoint Server | 2023-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172. | |||||
| CVE-2023-31489 | 2 Fedoraproject, Frrouting | 2 Fedora, Frrouting | 2023-12-21 | N/A | 5.5 MEDIUM |
| An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. | |||||
| CVE-2022-24512 | 2 Fedoraproject, Microsoft | 6 Fedora, .net, .net Core and 3 more | 2023-12-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-22940 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 5.7 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’, ‘mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. | |||||
| CVE-2022-23256 | 1 Microsoft | 1 Azure Data Explorer | 2023-12-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Azure Data Explorer Spoofing Vulnerability | |||||
| CVE-2022-21894 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2023-12-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2022-21892 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21962 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21924 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 5.4 MEDIUM | 5.3 MEDIUM |
| Workstation Service Remote Protocol Security Feature Bypass Vulnerability | |||||
| CVE-2022-21961 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21906 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-12-21 | 2.1 LOW | 5.5 MEDIUM |
| Windows Defender Application Control Security Feature Bypass Vulnerability | |||||
| CVE-2022-21921 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server | 2023-12-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| Windows Defender Credential Guard Security Feature Bypass Vulnerability | |||||
| CVE-2022-21891 | 1 Microsoft | 1 Dynamics 365 Sales | 2023-12-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | |||||
| CVE-2022-21915 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows GDI+ Information Disclosure Vulnerability | |||||
| CVE-2022-21959 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21960 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21900 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 3.8 LOW | 4.6 MEDIUM |
| Windows Hyper-V Security Feature Bypass Vulnerability | |||||
| CVE-2022-21963 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21928 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2023-12-21 | 6.9 MEDIUM | 6.4 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21839 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2023-12-21 | 2.1 LOW | 5.5 MEDIUM |
| Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | |||||
| CVE-2022-21931 | 1 Microsoft | 1 Edge Chromium | 2023-12-21 | 4.0 MEDIUM | 4.2 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2022-21918 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-12-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| DirectX Graphics Kernel File Denial of Service Vulnerability | |||||
| CVE-2022-21925 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2023-12-21 | 5.4 MEDIUM | 5.3 MEDIUM |
| Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability | |||||
