Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20690 | 2024-01-09 | N/A | 6.5 MEDIUM | ||
| Windows Nearby Sharing Spoofing Vulnerability | |||||
| CVE-2024-20687 | 2024-01-09 | N/A | 7.5 HIGH | ||
| Microsoft AllJoyn API Denial of Service Vulnerability | |||||
| CVE-2024-20686 | 2024-01-09 | N/A | 7.8 HIGH | ||
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2024-20683 | 2024-01-09 | N/A | 7.8 HIGH | ||
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2024-20682 | 2024-01-09 | N/A | 7.8 HIGH | ||
| Windows Cryptographic Services Remote Code Execution Vulnerability | |||||
| CVE-2024-20681 | 2024-01-09 | N/A | 7.8 HIGH | ||
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | |||||
| CVE-2024-20680 | 2024-01-09 | N/A | 6.5 MEDIUM | ||
| Windows Message Queuing Client (MSMQC) Information Disclosure | |||||
| CVE-2024-20677 | 2024-01-09 | N/A | 7.8 HIGH | ||
| <p>A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.</p> <p>3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.</p> <p>This change is effective as of the January 9, 2024 security update.</p> | |||||
| CVE-2024-20676 | 2024-01-09 | N/A | 8.0 HIGH | ||
| Azure Storage Mover Remote Code Execution Vulnerability | |||||
| CVE-2024-20666 | 2024-01-09 | N/A | 6.6 MEDIUM | ||
| BitLocker Security Feature Bypass Vulnerability | |||||
| CVE-2024-20661 | 2024-01-09 | N/A | 7.5 HIGH | ||
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2024-20660 | 2024-01-09 | N/A | 6.5 MEDIUM | ||
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2024-20658 | 2024-01-09 | N/A | 7.8 HIGH | ||
| Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | |||||
| CVE-2024-20657 | 2024-01-09 | N/A | 7.0 HIGH | ||
| Windows Group Policy Elevation of Privilege Vulnerability | |||||
| CVE-2024-20656 | 2024-01-09 | N/A | 7.8 HIGH | ||
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2024-20655 | 2024-01-09 | N/A | 6.6 MEDIUM | ||
| Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | |||||
| CVE-2024-20654 | 2024-01-09 | N/A | 8.0 HIGH | ||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-20653 | 2024-01-09 | N/A | 7.8 HIGH | ||
| Microsoft Common Log File System Elevation of Privilege Vulnerability | |||||
| CVE-2024-20652 | 2024-01-09 | N/A | 7.5 HIGH | ||
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2024-0340 | 2024-01-09 | N/A | N/A | ||
| A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | |||||
| CVE-2024-0057 | 2024-01-09 | N/A | 9.1 CRITICAL | ||
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | |||||
| CVE-2024-0056 | 2024-01-09 | N/A | 8.7 HIGH | ||
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | |||||
| CVE-2022-48618 | 2024-01-09 | N/A | N/A | ||
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. | |||||
| CVE-2023-6129 | 2024-01-09 | N/A | N/A | ||
| Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. | |||||
| CVE-2022-36765 | 2024-01-09 | N/A | N/A | ||
| EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | |||||
| CVE-2022-36764 | 2024-01-09 | N/A | N/A | ||
| EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | |||||
| CVE-2022-36763 | 2024-01-09 | N/A | N/A | ||
| EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-50093 | 1 Apiida | 1 Api Gateway Manager | 2024-01-09 | N/A | 6.1 MEDIUM |
| APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. | |||||
| CVE-2023-50348 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 5.3 MEDIUM |
| HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. | |||||
| CVE-2023-50346 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 4.3 MEDIUM |
| HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. | |||||
| CVE-2023-50345 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 6.1 MEDIUM |
| HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | |||||
| CVE-2023-50350 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 7.5 HIGH |
| HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. | |||||
| CVE-2023-45722 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 9.8 CRITICAL |
| HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. | |||||
| CVE-2023-50351 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 9.1 CRITICAL |
| HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. | |||||
| CVE-2023-50092 | 1 Apiida | 1 Api Gateway Manager | 2024-01-09 | N/A | 6.1 MEDIUM |
| APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-39655 | 1 Perfood | 1 Couchauth | 2024-01-09 | N/A | 9.6 CRITICAL |
| A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts. | |||||
| CVE-2023-33120 | 1 Qualcomm | 464 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9206 Lte Modem and 461 more | 2024-01-09 | N/A | 7.8 HIGH |
| Memory corruption in Audio when memory map command is executed consecutively in ADSP. | |||||
| CVE-2023-33113 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csra6620 and 251 more | 2024-01-09 | N/A | 7.8 HIGH |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. | |||||
| CVE-2023-33112 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csra6620 and 251 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. | |||||
| CVE-2023-51784 | 1 Apache | 1 Inlong | 2024-01-09 | N/A | 9.8 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329 | |||||
| CVE-2024-0208 | 1 Wireshark | 1 Wireshark | 2024-01-09 | N/A | 7.5 HIGH |
| GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2023-33110 | 1 Qualcomm | 246 Snapdragon 425 Mobile Platform, Snapdragon 425 Mobile Platform Firmware, Snapdragon 427 Mobile Platform and 243 more | 2024-01-09 | N/A | 7.0 HIGH |
| The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. | |||||
| CVE-2023-33109 | 1 Qualcomm | 620 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 617 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | |||||
| CVE-2023-33094 | 1 Qualcomm | 250 Ar8035, Ar8035 Firmware, Csra6620 and 247 more | 2024-01-09 | N/A | 7.8 HIGH |
| Memory corruption while running VK synchronization with KASAN enabled. | |||||
| CVE-2023-33062 | 1 Qualcomm | 580 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 577 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS in WLAN Firmware while parsing a BTM request. | |||||
| CVE-2023-33040 | 1 Qualcomm | 288 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 285 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS in Data Modem during DTLS handshake. | |||||
| CVE-2023-33038 | 1 Qualcomm | 288 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 285 more | 2024-01-09 | N/A | 7.8 HIGH |
| Memory corruption while receiving a message in Bus Socket Transport Server. | |||||
| CVE-2023-33037 | 1 Qualcomm | 166 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 163 more | 2024-01-09 | N/A | 5.5 MEDIUM |
| Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | |||||
| CVE-2022-36566 | 1 Yogeshojha | 1 Rengine | 2024-01-09 | N/A | 9.8 CRITICAL |
| Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. | |||||
| CVE-2022-28995 | 1 Yogeshojha | 1 Rengine | 2024-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. | |||||