Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15398 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-08-11 | 4.3 MEDIUM | 4.0 MEDIUM |
| A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to access resources that are behind the affected device and would typically be protected by the interface ACL. | |||||
| CVE-2023-38704 | 1 Datadoghq | 1 Import-in-the-middle | 2023-08-11 | N/A | 9.8 CRITICAL |
| import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for remote code execution in cases where an application passes user-supplied input directly to the `import()` function. This vulnerability has been patched in import-in-the-middle version 1.4.2. Some workarounds are available. Do not pass any user-supplied input to `import()`. Instead, verify it against a set of allowed values. If using import-in-the-middle, directly or indirectly, and support for EcmaScript Modules is not needed, ensure that no options are set, either via command-line or the `NODE_OPTIONS` environment variable, that would enable loader hooks. | |||||
| CVE-2023-36899 | 1 Microsoft | 11 .net, .net Framework, Windows 10 1809 and 8 more | 2023-08-11 | N/A | 8.8 HIGH |
| ASP.NET Elevation of Privilege Vulnerability | |||||
| CVE-2023-38172 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-38167 | 1 Microsoft | 1 Dynamics 365 Business Central | 2023-08-11 | N/A | 7.2 HIGH |
| Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability | |||||
| CVE-2023-36914 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2023-08-11 | N/A | 5.5 MEDIUM |
| Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | |||||
| CVE-2023-39217 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2023-08-11 | N/A | 7.5 HIGH |
| Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. | |||||
| CVE-2023-39216 | 1 Zoom | 1 Zoom | 2023-08-11 | N/A | 9.8 CRITICAL |
| Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | |||||
| CVE-2023-35368 | 1 Microsoft | 1 Exchange Server | 2023-08-11 | N/A | 8.8 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2023-35388 | 1 Microsoft | 1 Exchange Server | 2023-08-11 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-38175 | 1 Microsoft | 1 Windows Defender | 2023-08-11 | N/A | 7.8 HIGH |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||
| CVE-2023-38178 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2023-08-11 | N/A | 7.5 HIGH |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-38176 | 1 Microsoft | 1 Azure Arc-enabled Servers | 2023-08-11 | N/A | 7.0 HIGH |
| Azure Arc-Enabled Servers Elevation of Privilege Vulnerability | |||||
| CVE-2023-26604 | 1 Systemd Project | 1 Systemd | 2023-08-11 | N/A | 7.8 HIGH |
| systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. | |||||
| CVE-2023-35391 | 1 Microsoft | 3 .net, Asp.net Core, Visual Studio 2022 | 2023-08-11 | N/A | 7.5 HIGH |
| ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | |||||
| CVE-2023-38181 | 1 Microsoft | 1 Exchange Server | 2023-08-11 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2023-38184 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 7.5 HIGH |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |||||
| CVE-2023-38182 | 1 Microsoft | 1 Exchange Server | 2023-08-11 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-36533 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2023-08-11 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | |||||
| CVE-2023-35383 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2023-36866 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-11 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2023-36865 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-11 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2023-36869 | 1 Microsoft | 1 Azure Devops Server | 2023-08-11 | N/A | 6.3 MEDIUM |
| Azure DevOps Server Spoofing Vulnerability | |||||
| CVE-2023-36905 | 1 Microsoft | 9 Windows 10, Windows 10 1607, Windows 10 1809 and 6 more | 2023-08-11 | N/A | 7.5 HIGH |
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | |||||
| CVE-2023-38154 | 1 Microsoft | 2 Windows 10 1809, Windows Server 2019 | 2023-08-11 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-36894 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2023-36892 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-36893 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2023-08-11 | N/A | 6.5 MEDIUM |
| Microsoft Outlook Spoofing Vulnerability | |||||
| CVE-2023-36876 | 1 Microsoft | 1 Windows Server 2008 | 2023-08-11 | N/A | 7.1 HIGH |
| Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36877 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-11 | N/A | 4.5 MEDIUM |
| Azure Apache Oozie Spoofing Vulnerability | |||||
| CVE-2023-36881 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-11 | N/A | 4.5 MEDIUM |
| Azure Apache Ambari Spoofing Vulnerability | |||||
| CVE-2023-36890 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2023-36889 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 5.5 MEDIUM |
| Windows Group Policy Security Feature Bypass Vulnerability | |||||
| CVE-2023-36882 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 8.8 HIGH |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-36891 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-38157 | 1 Microsoft | 1 Edge Chromium | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2023-36913 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2023-35384 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2023-38185 | 1 Microsoft | 1 Exchange Server | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-38188 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-10 | N/A | 4.5 MEDIUM |
| Azure Apache Hadoop Spoofing Vulnerability | |||||
| CVE-2023-38186 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2023-08-10 | N/A | 9.8 CRITICAL |
| Windows Mobile Device Management Elevation of Privilege Vulnerability | |||||
| CVE-2023-36873 | 1 Microsoft | 12 .net Framework, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 5.9 MEDIUM |
| .NET Framework Spoofing Vulnerability | |||||
| CVE-2023-38254 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-35394 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-10 | N/A | 4.6 MEDIUM |
| Azure HDInsight Jupyter Notebook Spoofing Vulnerability | |||||
| CVE-2023-36895 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2023-36897 | 1 Microsoft | 6 365 Apps, Office, Visual Studio 2010 Tools For Office Runtime and 3 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Visual Studio Tools for Office Runtime Spoofing Vulnerability | |||||
| CVE-2023-36896 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2023-36910 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 9.8 CRITICAL |
| Microsoft Message Queuing Remote Code Execution Vulnerability | |||||
| CVE-2023-36912 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-38169 | 1 Microsoft | 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft OLE DB Remote Code Execution Vulnerability | |||||