Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5672 | 1 Wpvibes | 1 Wp Mail Log | 2024-01-04 | N/A | 6.5 MEDIUM |
| The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files. | |||||
| CVE-2023-42436 | 1 Weseek | 1 Growi | 2024-01-04 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | |||||
| CVE-2023-4641 | 2 Redhat, Shadow-maint | 9 Codeready Linux Builder, Codeready Linux Builder For Arm64, Codeready Linux Builder For Ibm Z Systems and 6 more | 2024-01-04 | N/A | 5.5 MEDIUM |
| A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. | |||||
| CVE-2023-51654 | 1 Brother | 1 Iprint\&scan | 2024-01-04 | N/A | 5.5 MEDIUM |
| Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC. | |||||
| CVE-2023-50297 | 1 Alfasado | 1 Powercms | 2024-01-04 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. | |||||
| CVE-2022-2389 | 1 Funnelkit | 1 Funnelkit Automations | 2024-01-04 | N/A | 4.3 MEDIUM |
| The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations | |||||
| CVE-2023-42940 | 1 Apple | 1 Macos | 2024-01-04 | N/A | 5.7 MEDIUM |
| A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. | |||||
| CVE-2023-43088 | 1 Dell | 2 Precision 7865 Tower, Precision 7865 Tower Firmware | 2024-01-04 | N/A | 6.8 MEDIUM |
| Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | |||||
| CVE-2023-39251 | 1 Dell | 26 Inspiron 7510, Inspiron 7510 Firmware, Inspiron 7610 and 23 more | 2024-01-04 | N/A | 6.7 MEDIUM |
| Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. | |||||
| CVE-2023-5988 | 1 Uyumsoft | 1 Lioxerp | 2024-01-04 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS.This issue affects LioXERP: before v.146. | |||||
| CVE-2023-5989 | 1 Uyumsoft | 1 Lioxerp | 2024-01-04 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Stored XSS.This issue affects LioXERP: before v.146. | |||||
| CVE-2023-3742 | 1 Google | 2 Chrome, Chrome Os | 2024-01-04 | N/A | 6.8 MEDIUM |
| Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) | |||||
| CVE-2023-40058 | 1 Solarwinds | 1 Access Rights Manager | 2024-01-04 | N/A | 6.5 MEDIUM |
| Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. | |||||
| CVE-2023-49438 | 1 Flask-security-too Project | 1 Flask-security-too | 2024-01-04 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. | |||||
| CVE-2023-48003 | 1 Aspnetzero | 1 Asp.net Zero | 2024-01-04 | N/A | 6.1 MEDIUM |
| An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages. | |||||
| CVE-2023-6268 | 1 Json-content-importer | 1 Json Content Importer | 2024-01-04 | N/A | 6.1 MEDIUM |
| The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-46711 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-01-04 | N/A | 4.6 MEDIUM |
| VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. | |||||
| CVE-2023-49117 | 1 Alfasado | 1 Powercms | 2024-01-04 | N/A | 5.4 MEDIUM |
| PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. | |||||
| CVE-2023-45741 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-01-04 | N/A | 6.8 MEDIUM |
| VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. | |||||
| CVE-2020-1591 | 1 Microsoft | 1 Dynamics 365 | 2024-01-04 | 3.5 LOW | 5.4 MEDIUM |
| <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | |||||
| CVE-2020-1580 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-01-04 | 3.5 LOW | 5.4 MEDIUM |
| <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> | |||||
| CVE-2020-1578 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-01-04 | 1.9 LOW | 4.7 MEDIUM |
| <p>An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a <a href="https://technet.microsoft.com/en-us/library/security/dn848375.aspx#ASLR">Kernel Address Space Layout Randomization (ASLR)</a> bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.</p> | |||||
| CVE-2020-1574 | 1 Microsoft | 1 Windows 10 | 2024-01-04 | 6.9 MEDIUM | 5.5 MEDIUM |
| <p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.</p> <p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p> <p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p> | |||||
| CVE-2020-1573 | 1 Microsoft | 4 Sharepoint Designer, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2024-01-04 | 3.5 LOW | 5.5 MEDIUM |
| <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> | |||||
| CVE-2020-1567 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2024-01-04 | 7.6 HIGH | 4.2 MEDIUM |
| <p>A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.</p> <p>An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how MSHTML engine validates input.</p> | |||||
| CVE-2020-1566 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-01-04 | 7.2 HIGH | 4.2 MEDIUM |
| <p>An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p> | |||||
| CVE-2020-1510 | 1 Microsoft | 1 Windows 10 | 2024-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how win32k handles objects in memory.</p> | |||||
| CVE-2020-1505 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-01-04 | 2.1 LOW | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p> | |||||
| CVE-2020-1503 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2024-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.</p> | |||||
| CVE-2020-1502 | 1 Microsoft | 4 365 Apps, Office, Office Online Server and 1 more | 2024-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.</p> | |||||
| CVE-2020-1501 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-01-04 | 5.5 MEDIUM | 5.4 MEDIUM |
| <p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> | |||||
| CVE-2020-1500 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-01-04 | 5.5 MEDIUM | 5.4 MEDIUM |
| <p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> | |||||
| CVE-2020-1499 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-01-04 | 5.5 MEDIUM | 5.4 MEDIUM |
| <p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> | |||||
| CVE-2020-1497 | 1 Microsoft | 3 365 Apps, Excel, Office | 2024-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p> | |||||
| CVE-2020-1493 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.</p> <p>To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.</p> <p>The security update addresses the vulnerability by correcting how Outlook handles file attachment links.</p> | |||||
| CVE-2020-1485 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 2.1 LOW | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information.</p> <p>The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.</p> | |||||
| CVE-2020-1483 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-01-04 | 9.3 HIGH | 5.0 MEDIUM |
| <p>A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.</p> <p>The security update addresses the vulnerability by correcting how Outlook handles objects in memory.</p> | |||||
| CVE-2020-1476 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2024-01-04 | 2.1 LOW | 5.5 MEDIUM |
| <p>An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.</p> <p>To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server.</p> <p>The update addresses the vulnerability by changing how ASP.NET and .NET handle requests.</p> | |||||
| CVE-2020-1472 | 8 Canonical, Debian, Fedoraproject and 5 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-01-04 | 9.3 HIGH | 5.5 MEDIUM |
| <p>An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (<a href="https://docs.microsoft.com/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f">MS-NRPC</a>). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.</p> <p>To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.</p> <p>Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.</p> <p>For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see <a href="https://support.microsoft.com/kb/4557222">How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472</a> (updated September 28, 2020).</p> <p>When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See <a href="https://technet.microsoft.com/en-us/security/dd252948">Microsoft Technical Security Notifications</a>.</p> | |||||
| CVE-2020-1455 | 1 Microsoft | 1 Sql Server Management Studio | 2024-01-04 | 2.1 LOW | 5.3 MEDIUM |
| <p>A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service.</p> <p>To exploit the vulnerability, an attacker would first require execution on the victim system.</p> <p>The security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files.</p> | |||||
| CVE-2020-1417 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-01-04 | 7.2 HIGH | 5.5 MEDIUM |
| <p>An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p> | |||||
| CVE-2020-1383 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 2.1 LOW | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system</p> <p>To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.</p> <p>The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.</p> | |||||
| CVE-2020-1379 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 6.8 MEDIUM | 5.5 MEDIUM |
| <p>A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.</p> | |||||
| CVE-2023-47247 | 1 Sysaid | 1 Sysaid | 2024-01-04 | N/A | 4.3 MEDIUM |
| In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. | |||||
| CVE-2012-5639 | 3 Apache, Debian, Libreoffice | 3 Openoffice, Debian Linux, Libreoffice | 2024-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibreOffice and OpenOffice automatically open embedded content | |||||
| CVE-2023-38826 | 1 Follettlearning | 1 Solutions Destiny | 2024-01-03 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. via the handlewpesearchform.do. searchString. | |||||
| CVE-2023-49944 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-01-03 | N/A | 6.7 MEDIUM |
| The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature. | |||||
| CVE-2023-27150 | 1 Opencrx | 1 Opencrx | 2024-01-03 | N/A | 5.4 MEDIUM |
| openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. | |||||
| CVE-2023-51363 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-01-03 | N/A | 6.5 MEDIUM |
| VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information. | |||||
| CVE-2023-30451 | 1 Typo3 | 1 Typo3 | 2024-01-03 | N/A | 4.9 MEDIUM |
| In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. | |||||