Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36035 | 1 Microsoft | 1 Exchange Server | 2023-11-20 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2023-36036 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-11-20 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-36037 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2023-11-20 | N/A | 7.8 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2023-36039 | 1 Microsoft | 1 Exchange Server | 2023-11-20 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2023-38151 | 1 Microsoft | 2 Host Integration Server, Ole Db Provider | 2023-11-20 | N/A | 8.8 HIGH |
| Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability | |||||
| CVE-2023-42781 | 1 Apache | 1 Airflow | 2023-11-20 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. | |||||
| CVE-2023-36045 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-11-20 | N/A | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2023-36047 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2023-11-20 | N/A | 7.8 HIGH |
| Windows Authentication Elevation of Privilege Vulnerability | |||||
| CVE-2023-36046 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2023-11-20 | N/A | 7.1 HIGH |
| Windows Authentication Denial of Service Vulnerability | |||||
| CVE-2023-36050 | 1 Microsoft | 1 Exchange Server | 2023-11-20 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2023-36052 | 1 Microsoft | 1 Azure Cli | 2023-11-20 | N/A | 8.6 HIGH |
| Azure CLI REST Command Information Disclosure Vulnerability | |||||
| CVE-2023-36392 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2023-11-20 | N/A | 7.5 HIGH |
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2023-36393 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-11-20 | N/A | 7.8 HIGH |
| Windows User Interface Application Core Remote Code Execution Vulnerability | |||||
| CVE-2023-36394 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2023-11-20 | N/A | 7.0 HIGH |
| Windows Search Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-36396 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2023-11-20 | N/A | 7.8 HIGH |
| Windows Compressed Folder Remote Code Execution Vulnerability | |||||
| CVE-2023-36395 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-11-20 | N/A | 7.5 HIGH |
| Windows Deployment Services Denial of Service Vulnerability | |||||
| CVE-2023-36028 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2023-11-20 | N/A | 9.8 CRITICAL |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | |||||
| CVE-2023-47117 | 1 Humansignal | 1 Label Studio | 2023-11-20 | N/A | 7.5 HIGH |
| Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. In addition, Label Studio had a hard coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes. This vulnerability has been addressed in commit `f931d9d129` which is included in the 1.9.2post0 release. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-6100 | 1 Maiwei Safety Production Control Platform Project | 1 Maiwei Safety Production Control Platform | 2023-11-20 | N/A | 5.3 MEDIUM |
| A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-245062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6101 | 1 Maiwei Safety Production Control Platform Project | 1 Maiwei Safety Production Control Platform | 2023-11-20 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. This issue affects some unknown processing of the file /TC/V2.7/ha.html of the component Intelligent Monitoring. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245063. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-8973 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2023-11-20 | N/A | 8.1 HIGH |
| ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device. | |||||
| CVE-2023-6073 | 1 Volkswagen | 2 Id.3, Id.3 Firmware | 2023-11-18 | N/A | 6.3 MEDIUM |
| Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. | |||||
| CVE-2023-5543 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-11-18 | N/A | 3.3 LOW |
| When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. | |||||
| CVE-2014-125102 | 1 Bestwebsoft | 1 Relevant | 2023-11-18 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability. | |||||
| CVE-2023-41138 | 1 Appsanywhere | 1 Appsanywhere Client | 2023-11-18 | N/A | 6.7 MEDIUM |
| The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process. | |||||
| CVE-2023-43902 | 1 Emsigner | 1 Emsigner | 2023-11-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token. | |||||
| CVE-2023-43901 | 1 Emsigner | 1 Emsigner | 2023-11-17 | N/A | 5.9 MEDIUM |
| Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user. | |||||
| CVE-2023-45878 | 1 Gibbonedu | 1 Gibbon | 2023-11-17 | N/A | 9.8 CRITICAL |
| GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined file path. This allows creation of PHP files that permit Remote Code Execution (unauthenticated). | |||||
| CVE-2018-8863 | 1 Philips | 1 Encoreanywhere | 2023-11-17 | N/A | 7.5 HIGH |
| The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information. | |||||
| CVE-2022-41076 | 1 Microsoft | 11 Powershell, Windows 10, Windows 11 and 8 more | 2023-11-17 | N/A | 8.5 HIGH |
| PowerShell Remote Code Execution Vulnerability | |||||
| CVE-2022-41089 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2023-11-17 | N/A | 7.8 HIGH |
| .NET Framework Remote Code Execution Vulnerability | |||||
| CVE-2022-41121 | 1 Microsoft | 12 Powershell, Remote Desktop, Windows 10 and 9 more | 2023-11-17 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2022-44689 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2019 and 2 more | 2023-11-17 | N/A | 7.8 HIGH |
| Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2022-44702 | 1 Microsoft | 3 Terminal, Windows 10, Windows 11 | 2023-11-17 | N/A | 7.8 HIGH |
| Windows Terminal Remote Code Execution Vulnerability | |||||
| CVE-2022-44704 | 1 Microsoft | 1 Windows Sysmon | 2023-11-17 | N/A | 7.8 HIGH |
| Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability | |||||
| CVE-2023-5551 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-11-17 | N/A | 3.3 LOW |
| Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | |||||
| CVE-2023-45284 | 2 Golang, Microsoft | 2 Go, Windows | 2023-11-17 | N/A | 5.3 MEDIUM |
| On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local. | |||||
| CVE-2023-45558 | 1 Golden Project | 1 Golden | 2023-11-17 | N/A | 7.5 HIGH |
| An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | |||||
| CVE-2023-45560 | 1 Memberscard Project | 1 Memberscard | 2023-11-17 | N/A | 7.5 HIGH |
| An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | |||||
| CVE-2023-38363 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2023-11-17 | N/A | 4.3 MEDIUM |
| IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818. | |||||
| CVE-2023-39228 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 7.5 HIGH |
| Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2023-39221 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 8.8 HIGH |
| Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-46646 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-22285 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 7.5 HIGH |
| Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2023-22448 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 7.2 HIGH |
| Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-36027 | 1 Microsoft | 1 Edge Chromium | 2023-11-16 | N/A | 6.3 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-4379 | 1 Gitlab | 1 Gitlab | 2023-11-16 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. | |||||
| CVE-2023-45167 | 1 Ibm | 2 Aix, Vios | 2023-11-16 | N/A | 5.5 MEDIUM |
| IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965. | |||||
| CVE-2023-6076 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2023-11-16 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. | |||||
| CVE-2023-47614 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 3.3 LOW |
| A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system. | |||||