Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21294 | 3 Debian, Netapp, Oracle | 19 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 16 more | 2024-01-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2023-42663 | 1 Apache | 1 Airflow | 2024-01-12 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | |||||
| CVE-2023-38201 | 3 Fedoraproject, Keylime, Redhat | 9 Fedora, Keylime, Enterprise Linux and 6 more | 2024-01-12 | N/A | 6.5 MEDIUM |
| A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. | |||||
| CVE-2022-20531 | 1 Google | 1 Android | 2024-01-12 | N/A | 5.5 MEDIUM |
| In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-20662 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-01-12 | N/A | 4.9 MEDIUM |
| Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | |||||
| CVE-2024-20663 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-01-12 | N/A | 6.5 MEDIUM |
| Windows Message Queuing Client (MSMQC) Information Disclosure | |||||
| CVE-2024-20664 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-01-12 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2023-4753 | 1 Openharmony | 1 Openharmony | 2024-01-12 | N/A | 5.5 MEDIUM |
| OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input. | |||||
| CVE-2023-49235 | 1 Trendnet | 2 Tv-ip1314pi, Tv-ip1314pi Firmware | 2024-01-12 | N/A | 9.8 CRITICAL |
| An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command. | |||||
| CVE-2024-22125 | 1 Sap | 1 Gui Connector | 2024-01-12 | N/A | 7.5 HIGH |
| Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality. | |||||
| CVE-2023-41603 | 1 Dlink | 2 R15, R15 Firmware | 2024-01-12 | N/A | 5.3 MEDIUM |
| D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. | |||||
| CVE-2024-20696 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-01-12 | N/A | 7.3 HIGH |
| Windows Libarchive Remote Code Execution Vulnerability | |||||
| CVE-2024-20698 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-01-12 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21305 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-01-12 | N/A | 4.4 MEDIUM |
| Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | |||||
| CVE-2024-21311 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-01-12 | N/A | 5.5 MEDIUM |
| Windows Cryptographic Services Information Disclosure Vulnerability | |||||
| CVE-2024-21310 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2024-01-12 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-50121 | 1 Autelrobotics | 2 Evo Nano Drone, Evo Nano Drone Firmware | 2024-01-12 | N/A | 5.7 MEDIUM |
| Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS). | |||||
| CVE-2024-21306 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-01-12 | N/A | 5.7 MEDIUM |
| Microsoft Bluetooth Driver Spoofing Vulnerability | |||||
| CVE-2024-21309 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2024-01-12 | N/A | 7.8 HIGH |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-21316 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more | 2024-01-12 | N/A | 6.1 MEDIUM |
| Windows Server Key Distribution Service Security Feature Bypass | |||||
| CVE-2024-21312 | 1 Microsoft | 13 .net Framework, Windows 10 1607, Windows 10 1809 and 10 more | 2024-01-12 | N/A | 7.5 HIGH |
| .NET Framework Denial of Service Vulnerability | |||||
| CVE-2024-21314 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-01-12 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2024-21313 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-01-12 | N/A | 5.3 MEDIUM |
| Windows TCP/IP Information Disclosure Vulnerability | |||||
| CVE-2024-21320 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-01-12 | N/A | 6.5 MEDIUM |
| Windows Themes Spoofing Vulnerability | |||||
| CVE-2024-21318 | 1 Microsoft | 1 Sharepoint Server | 2024-01-12 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2024-21325 | 1 Microsoft | 1 Printer Metadata Troubleshooter Tool | 2024-01-12 | N/A | 7.8 HIGH |
| Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | |||||
| CVE-2023-42882 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution. | |||||
| CVE-2023-51406 | 1 Ninjateam | 1 Fastdup | 2024-01-12 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator.This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7. | |||||
| CVE-2023-50643 | 1 Evernote | 1 Evernote | 2024-01-12 | N/A | 9.8 CRITICAL |
| An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | |||||
| CVE-2023-46906 | 1 Juzaweb | 1 Cms | 2024-01-12 | N/A | 4.9 MEDIUM |
| juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated. | |||||
| CVE-2023-42929 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data. | |||||
| CVE-2023-42933 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges. | |||||
| CVE-2023-42876 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 7.1 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents. | |||||
| CVE-2023-42826 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution. | |||||
| CVE-2023-41994 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission. | |||||
| CVE-2023-40430 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent. | |||||
| CVE-2023-41987 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | |||||
| CVE-2023-40411 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data. | |||||
| CVE-2023-29258 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. | |||||
| CVE-2023-46167 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. | |||||
| CVE-2023-45178 | 1 Ibm | 1 Db2 | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073. | |||||
| CVE-2023-6534 | 1 Freebsd | 1 Freebsd | 2024-01-12 | N/A | 7.5 HIGH |
| In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall. | |||||
| CVE-2023-26433 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 4.3 MEDIUM |
| When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known. | |||||
| CVE-2023-26432 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 4.3 MEDIUM |
| When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known. | |||||
| CVE-2023-26434 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 4.3 MEDIUM |
| When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known. | |||||
| CVE-2023-47489 | 1 Combodo | 1 Itop | 2024-01-11 | N/A | 7.8 HIGH |
| CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. | |||||
| CVE-2023-49252 | 1 Siemens | 1 Simatic Cn 4100 | 2024-01-11 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. | |||||
| CVE-2023-35356 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-01-11 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35633 | 1 Microsoft | 3 Windows 10 1507, Windows Server 2008, Windows Server 2012 | 2024-01-11 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-0305 | 1 Ncast Project | 1 Ncast | 2024-01-11 | N/A | 7.5 HIGH |
| A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872. | |||||