Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35636 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-12-14 | N/A | 6.5 MEDIUM |
| Microsoft Outlook Information Disclosure Vulnerability | |||||
| CVE-2023-35619 | 1 Microsoft | 1 Office Long Term Servicing Channel | 2023-12-14 | N/A | 5.3 MEDIUM |
| Microsoft Outlook for Mac Spoofing Vulnerability | |||||
| CVE-2015-2179 | 1 Xaviershay-dm-rails Porject | 1 Xaviershay-dm-rails | 2023-12-14 | N/A | 5.5 MEDIUM |
| The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments. | |||||
| CVE-2020-12614 | 1 Beyondtrust | 1 Privilege Management For Windows | 2023-12-14 | N/A | 7.8 HIGH |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator. | |||||
| CVE-2023-48430 | 1 Siemens | 1 Sinec Ins | 2023-12-14 | N/A | 2.7 LOW |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart. | |||||
| CVE-2023-24922 | 1 Microsoft | 1 Dynamics 365 | 2023-12-14 | N/A | 6.5 MEDIUM |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | |||||
| CVE-2023-49874 | 1 Mattermost | 1 Mattermost Server | 2023-12-14 | N/A | 4.3 MEDIUM |
| Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID. | |||||
| CVE-2023-41118 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete. | |||||
| CVE-2023-45539 | 1 Haproxy | 1 Haproxy | 2023-12-14 | N/A | 8.2 HIGH |
| HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. | |||||
| CVE-2023-41116 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 4.3 MEDIUM |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions. | |||||
| CVE-2021-3187 | 2 Apple, Beyondtrust | 2 Mac Os X, Privilege Management For Mac | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.) | |||||
| CVE-2023-41114 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions. | |||||
| CVE-2023-41113 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 4.3 MEDIUM |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections. | |||||
| CVE-2023-41115 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions. | |||||
| CVE-2020-12613 | 1 Beyondtrust | 1 Privilege Management For Windows | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user. | |||||
| CVE-2023-32028 | 1 Microsoft | 2 Ole Db Driver For Sql Server, Sql Server | 2023-12-14 | N/A | 7.8 HIGH |
| Microsoft SQL OLE DB Remote Code Execution Vulnerability | |||||
| CVE-2023-49796 | 1 Mindsdb | 1 Mindsdb | 2023-12-14 | N/A | 5.3 MEDIUM |
| MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue. | |||||
| CVE-2023-42900 | 1 Apple | 1 Macos | 2023-12-14 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. | |||||
| CVE-2023-42914 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-14 | N/A | 6.3 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox. | |||||
| CVE-2023-42919 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-14 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data. | |||||
| CVE-2023-42899 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-14 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution. | |||||
| CVE-2023-42922 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-14 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information. | |||||
| CVE-2023-34053 | 1 Vmware | 1 Spring Framework | 2023-12-14 | N/A | 7.5 HIGH |
| In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | |||||
| CVE-2023-5978 | 1 Freebsd | 1 Freebsd | 2023-12-14 | N/A | 7.5 HIGH |
| In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted. | |||||
| CVE-2023-41627 | 1 O-ran-sc | 1 Ric Message Router | 2023-12-14 | N/A | 7.5 HIGH |
| O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. | |||||
| CVE-2023-2247 | 1 Octopus | 1 Octopus Deploy | 2023-12-14 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | |||||
| CVE-2023-36585 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2023-12-14 | N/A | 7.5 HIGH |
| Windows upnphost.dll Denial of Service Vulnerability | |||||
| CVE-2023-42874 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 2.4 LOW |
| This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. | |||||
| CVE-2023-42898 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-13 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution. | |||||
| CVE-2023-43304 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43300 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43303 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43301 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43302 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-42923 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-13 | N/A | 5.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication. | |||||
| CVE-2023-6181 | 1 Google | 2 Chromecast, Chromecast Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| An oversight in BCB handling of reboot reason that allows for persistent code execution | |||||
| CVE-2023-48424 | 1 Google | 2 Chromecast, Chromecast Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| U-Boot shell vulnerability resulting in Privilege escalation in a production device | |||||
| CVE-2023-48425 | 1 Google | 2 Chromecast, Chromecast Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| U-Boot vulnerability resulting in persistent Code Execution | |||||
| CVE-2023-42932 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data. | |||||
| CVE-2023-42897 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-13 | N/A | 4.6 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data. | |||||
| CVE-2023-40446 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-13 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps. | |||||
| CVE-2023-6507 | 1 Python | 1 Python | 2023-12-13 | N/A | 4.9 MEDIUM |
| An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). | |||||
| CVE-2023-48311 | 1 Jupyter | 1 Dockerspawner | 2023-12-13 | N/A | 4.3 MEDIUM |
| dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image will result in the intended default behavior. | |||||
| CVE-2023-42884 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-12-13 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory. | |||||
| CVE-2023-50456 | 1 Zammad | 1 Zammad | 2023-12-13 | N/A | 5.3 MEDIUM |
| An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name. | |||||
| CVE-2023-42891 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 5.5 MEDIUM |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission. | |||||
| CVE-2023-48405 | 1 Google | 1 Android | 2023-12-13 | N/A | 6.7 MEDIUM |
| there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-48406 | 1 Google | 1 Android | 2023-12-13 | N/A | 6.7 MEDIUM |
| there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-24464 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2023-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-21808 | 1 Microsoft | 25 .net, .net Framework, Visual Studio 2017 and 22 more | 2023-12-13 | N/A | 7.8 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||