Total: 46623 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36894 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2023-36893 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2023-08-11 | N/A | 6.5 MEDIUM |
| Microsoft Outlook Spoofing Vulnerability | |||||
| CVE-2023-36877 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-11 | N/A | 4.5 MEDIUM |
| Azure Apache Oozie Spoofing Vulnerability | |||||
| CVE-2023-36881 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-11 | N/A | 4.5 MEDIUM |
| Azure Apache Ambari Spoofing Vulnerability | |||||
| CVE-2023-36890 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2023-36889 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 5.5 MEDIUM |
| Windows Group Policy Security Feature Bypass Vulnerability | |||||
| CVE-2021-30947 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files. | |||||
| CVE-2023-38157 | 1 Microsoft | 1 Edge Chromium | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2023-35384 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2023-39518 | 1 Fobybus | 1 Social-media-skeleton | 2023-08-10 | N/A | 5.4 MEDIUM |
| social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3. | |||||
| CVE-2023-38188 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-10 | N/A | 4.5 MEDIUM |
| Azure Apache Hadoop Spoofing Vulnerability | |||||
| CVE-2023-36873 | 1 Microsoft | 12 .net Framework, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 5.9 MEDIUM |
| .NET Framework Spoofing Vulnerability | |||||
| CVE-2023-38254 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-35394 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-10 | N/A | 4.6 MEDIUM |
| Azure HDInsight Jupyter Notebook Spoofing Vulnerability | |||||
| CVE-2023-36897 | 1 Microsoft | 6 365 Apps, Office, Visual Studio 2010 Tools For Office Runtime and 3 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Visual Studio Tools for Office Runtime Spoofing Vulnerability | |||||
| CVE-2023-35393 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-10 | N/A | 4.5 MEDIUM |
| Azure Apache Hive Spoofing Vulnerability | |||||
| CVE-2023-35377 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-35376 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-38686 | 1 Matrix | 1 Sydent | 2023-08-10 | N/A | 5.3 MEDIUM |
| Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self-signed certificate if using only one, to the trust store of their operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server. | |||||
| CVE-2023-36909 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-36908 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Windows Hyper-V Information Disclosure Vulnerability | |||||
| CVE-2023-35389 | 1 Microsoft | 1 Dynamics 365 | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | |||||
| CVE-2023-32600 | 1 Rankmath | 1 Seo | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions. | |||||
| CVE-2023-21647 | 1 Qualcomm | 86 Qca6390, Qca6390 Firmware, Qca6391 and 83 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Information disclosure in Bluetooth when a GATT packet is received due to improper input validation. | |||||
| CVE-2023-38697 | 1 Socketry | 1 Protocol-http1 | 2023-08-10 | N/A | 5.3 MEDIUM |
| protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defines the format of chunk size, chunk data and chunk extension. The value of the Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits separated from the chunk data by CRLF, and the chunk extension shouldn't contain any invisible characters. However, Falcon deviates from the corresponding RFCs in the following ways: accepting Content-Length header values that have a `+` prefix, accepting Content-Length header values written in hexadecimal with a `0x` prefix, accepting `0x`- and `+`-prefixed chunk sizes, and accepting LF in chunk extensions. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypass. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds. | |||||
| CVE-2023-38698 | 1 Ens.domains | 1 Ethereum Name Service | 2023-08-10 | N/A | 6.5 MEDIUM |
| Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides in `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (e.g., 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action. | |||||
| CVE-2023-38699 | 1 Mindsdb | 1 Mindsdb | 2023-08-10 | N/A | 6.5 MEDIUM |
| MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. | |||||
| CVE-2023-4196 | 1 Agentejo | 1 Cockpit | 2023-08-10 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | |||||
| CVE-2023-33912 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33911 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33910 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33909 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33908 | 2 Google, Unisoc | 13 Android, S8000, Sc9832e and 10 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33907 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2022-47351 | 2 Google, Unisoc | 10 Android, S8000, T606 and 7 more | 2023-08-10 | N/A | 4.4 MEDIUM |
| In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2023-3766 | 1 Cloudflare | 1 Odoh-rs | 2023-08-10 | N/A | 5.9 MEDIUM |
| A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable. | |||||
| CVE-2022-47350 | 2 Google, Unisoc | 12 Android, S8000, Sc9863a and 9 more | 2023-08-10 | N/A | 4.4 MEDIUM |
| In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2023-23880 | 1 Monsterinsights | 1 Exactmetrics | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions. | |||||
| CVE-2023-23877 | 1 Bkmacdaddy | 1 Pinterest Rss Widget | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions. | |||||
| CVE-2023-23829 | 1 Pierre-jehan | 1 Owl Carousel | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3 versions. | |||||
| CVE-2022-45821 | 1 Nootheme | 1 Noo Timetable | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | |||||
| CVE-2023-36692 | 1 Wp-cirrus Project | 1 Wp-cirrus | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <= 0.6.11 versions. | |||||
| CVE-2023-32503 | 1 Gtmetrix | 1 Gtmetrix | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions. | |||||
| CVE-2023-29099 | 1 Elegant Themes | 1 Divi | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions. | |||||
| CVE-2023-27422 | 1 Nsthemes | 1 Ns Coupon To Become Customer | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions. | |||||
| CVE-2023-27421 | 1 Everestthemes | 1 Everest News | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions. | |||||
| CVE-2023-27416 | 1 Decondigital | 1 Decon Wp Sms | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions. | |||||
| CVE-2023-27412 | 1 Everestthemes | 1 Mocho Blog | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions. | |||||
| CVE-2023-27627 | 1 Eggemplo | 1 Woocommerce Email Report | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions. | |||||
| CVE-2023-27415 | 1 Themeqx | 1 Letterpress | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions. | |||||
