Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35385 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 9.8 CRITICAL |
| Microsoft Message Queuing Remote Code Execution Vulnerability | |||||
| CVE-2023-35393 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-10 | N/A | 4.5 MEDIUM |
| Azure Apache Hive Spoofing Vulnerability | |||||
| CVE-2023-35377 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-35376 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-38170 | 1 Microsoft | 1 Hevc Video Extensions | 2023-08-10 | N/A | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2023-36911 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 9.8 CRITICAL |
| Microsoft Message Queuing Remote Code Execution Vulnerability | |||||
| CVE-2023-36909 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-36907 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Windows Cryptographic Services Information Disclosure Vulnerability | |||||
| CVE-2023-36906 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Windows Cryptographic Services Information Disclosure Vulnerability | |||||
| CVE-2023-36904 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-36908 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Windows Hyper-V Information Disclosure Vulnerability | |||||
| CVE-2023-36898 | 1 Microsoft | 2 Windows 11 21h2, Windows 11 22h2 | 2023-08-10 | N/A | 7.8 HIGH |
| Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | |||||
| CVE-2023-29330 | 1 Microsoft | 1 Teams | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft Teams Remote Code Execution Vulnerability | |||||
| CVE-2023-29328 | 1 Microsoft | 1 Teams | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft Teams Remote Code Execution Vulnerability | |||||
| CVE-2023-36903 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 9.8 CRITICAL |
| Windows System Assessment Tool Elevation of Privilege Vulnerability | |||||
| CVE-2023-35359 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35372 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2023-36900 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-35371 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2023-35379 | 1 Microsoft | 1 Windows Server 2008 | 2023-08-10 | N/A | 7.8 HIGH |
| Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | |||||
| CVE-2023-35380 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35381 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 8.8 HIGH |
| Windows Fax Service Remote Code Execution Vulnerability | |||||
| CVE-2023-35382 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35387 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2023-08-10 | N/A | 8.8 HIGH |
| Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-35386 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35389 | 1 Microsoft | 1 Dynamics 365 | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | |||||
| CVE-2023-35358 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35357 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-33379 | 1 Connectedio | 2 Er2000t-vz-cat1, Er2000t-vz-cat1 Firmware | 2023-08-10 | N/A | 9.8 CRITICAL |
| Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices. | |||||
| CVE-2023-2311 | 1 Google | 1 Chrome | 2023-08-10 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4909 | 1 Google | 1 Chrome | 2023-08-10 | N/A | 6.3 MEDIUM |
| Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2022-4908 | 1 Google | 1 Chrome | 2023-08-10 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-2313 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-08-10 | N/A | 8.8 HIGH |
| Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High) | |||||
| CVE-2022-4910 | 1 Google | 1 Chrome | 2023-08-10 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4906 | 1 Google | 1 Chrome | 2023-08-10 | N/A | 8.8 HIGH |
| Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2020-21514 | 1 Fluentd | 2 Fluentd, Fluentd-ui | 2023-08-10 | N/A | 8.8 HIGH |
| An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password. | |||||
| CVE-2023-4047 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2023-08-09 | N/A | 8.8 HIGH |
| A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2023-4046 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2023-08-09 | N/A | 5.3 MEDIUM |
| In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2023-4055 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2023-08-09 | N/A | 7.5 HIGH |
| When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2020-26082 | 1 Cisco | 8 Asyncos, Email Security Appliance C170, Email Security Appliance C190 and 5 more | 2023-08-09 | N/A | 5.3 MEDIUM |
| A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. | |||||
| CVE-2023-33466 | 1 Orthanc-server | 1 Orthanc | 2023-08-09 | N/A | 8.8 HIGH |
| Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). | |||||
| CVE-2023-4168 | 1 Templatecookie | 1 Adlisting | 2023-08-09 | N/A | 7.5 HIGH |
| A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-39529 | 1 Prestashop | 1 Prestashop | 2023-08-09 | N/A | 9.1 CRITICAL |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2023-4169 | 1 Ruijie | 2 Rg-ew1200g, Rg-ew1200g Firmware | 2023-08-09 | N/A | 8.8 HIGH |
| A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-38646 | 1 Metabase | 1 Metabase | 2023-08-09 | N/A | 9.8 CRITICAL |
| Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. | |||||
| CVE-2022-38795 | 1 Gitea | 1 Gitea | 2023-08-09 | N/A | 6.5 MEDIUM |
| In Gitea through 1.17.1, repo cloning can occur in the migration function. | |||||
| CVE-2023-20810 | 3 Google, Linux, Mediatek | 54 Android, Linux Kernel, Mt5221 and 51 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. | |||||
| CVE-2023-34038 | 1 Vmware | 1 Horizon Client | 2023-08-09 | N/A | 5.3 MEDIUM |
| VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. | |||||
| CVE-2022-4955 | 1 Google | 1 Chrome | 2023-08-09 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-38332 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-08-09 | N/A | 6.5 MEDIUM |
| Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure. | |||||