Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36535 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2023-08-11 | N/A | 6.5 MEDIUM |
| Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | |||||
| CVE-2023-36534 | 1 Zoom | 1 Zoom | 2023-08-11 | N/A | 9.8 CRITICAL |
| Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | |||||
| CVE-2023-36532 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2023-08-11 | N/A | 7.5 HIGH |
| Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. | |||||
| CVE-2023-36533 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2023-08-11 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | |||||
| CVE-2023-35383 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2023-36866 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-11 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2023-36865 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-11 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2023-36869 | 1 Microsoft | 1 Azure Devops Server | 2023-08-11 | N/A | 6.3 MEDIUM |
| Azure DevOps Server Spoofing Vulnerability | |||||
| CVE-2023-36905 | 1 Microsoft | 9 Windows 10, Windows 10 1607, Windows 10 1809 and 6 more | 2023-08-11 | N/A | 7.5 HIGH |
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | |||||
| CVE-2022-3403 | | | 2023-08-11 | N/A | N/A |
| ** REJECT ** Duplicate, please use CVE-2023-28931 instead. | |||||
| CVE-2023-38154 | 1 Microsoft | 2 Windows 10 1809, Windows Server 2019 | 2023-08-11 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-36894 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2023-36893 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2023-08-11 | N/A | 6.5 MEDIUM |
| Microsoft Outlook Spoofing Vulnerability | |||||
| CVE-2023-36892 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-36877 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-11 | N/A | 4.5 MEDIUM |
| Azure Apache Oozie Spoofing Vulnerability | |||||
| CVE-2023-36876 | 1 Microsoft | 1 Windows Server 2008 | 2023-08-11 | N/A | 7.1 HIGH |
| Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36881 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-11 | N/A | 4.5 MEDIUM |
| Azure Apache Ambari Spoofing Vulnerability | |||||
| CVE-2023-36890 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2023-36889 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 5.5 MEDIUM |
| Windows Group Policy Security Feature Bypass Vulnerability | |||||
| CVE-2023-36882 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 8.8 HIGH |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-36891 | 1 Microsoft | 1 Sharepoint Server | 2023-08-11 | N/A | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-30939 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-08-11 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-30947 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files. | |||||
| CVE-2023-36183 | 1 Openimageio | 1 Openimageio | 2023-08-11 | N/A | 7.8 HIGH |
| Buffer overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. | |||||
| CVE-2023-4275 | | | 2023-08-10 | N/A | N/A |
| ** REJECT ** It is invalid. | |||||
| CVE-2023-32090 | 1 Pega | 1 Pega Platform | 2023-08-10 | N/A | 9.8 CRITICAL |
| Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | |||||
| CVE-2023-38157 | 1 Microsoft | 1 Edge Chromium | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2023-36913 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2023-35384 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2023-38185 | 1 Microsoft | 1 Exchange Server | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-29505 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2023-08-10 | N/A | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. | |||||
| CVE-2023-39518 | 1 Fobybus | 1 Social-media-skeleton | 2023-08-10 | N/A | 5.4 MEDIUM |
| social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3. | |||||
| CVE-2023-38188 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-10 | N/A | 4.5 MEDIUM |
| Azure Apache Hadoop Spoofing Vulnerability | |||||
| CVE-2023-38186 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2023-08-10 | N/A | 9.8 CRITICAL |
| Windows Mobile Device Management Elevation of Privilege Vulnerability | |||||
| CVE-2023-36873 | 1 Microsoft | 12 .net Framework, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 5.9 MEDIUM |
| .NET Framework Spoofing Vulnerability | |||||
| CVE-2023-38254 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-35394 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-10 | N/A | 4.6 MEDIUM |
| Azure HDInsight Jupyter Notebook Spoofing Vulnerability | |||||
| CVE-2023-36895 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2023-36897 | 1 Microsoft | 6 365 Apps, Office, Visual Studio 2010 Tools For Office Runtime and 3 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Visual Studio Tools for Office Runtime Spoofing Vulnerability | |||||
| CVE-2023-36896 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2023-08-10 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2023-36910 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 9.8 CRITICAL |
| Microsoft Message Queuing Remote Code Execution Vulnerability | |||||
| CVE-2023-36912 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-38169 | 1 Microsoft | 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server | 2023-08-10 | N/A | 8.8 HIGH |
| Microsoft OLE DB Remote Code Execution Vulnerability | |||||
| CVE-2023-35385 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 9.8 CRITICAL |
| Microsoft Message Queuing Remote Code Execution Vulnerability | |||||
| CVE-2023-35393 | 1 Microsoft | 1 Azure Hdinsights | 2023-08-10 | N/A | 4.5 MEDIUM |
| Azure Apache Hive Spoofing Vulnerability | |||||
| CVE-2023-35377 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-35376 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-38686 | 1 Matrix | 1 Sydent | 2023-08-10 | N/A | 5.3 MEDIUM |
| Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self-signed certificate if using only one, to the trust store of their operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server. | |||||
| CVE-2023-4205 | | | 2023-08-10 | N/A | N/A |
| ** REJECT ** This was deemed as a false positive both by the reporter and upstream kernel. | |||||
| CVE-2023-39346 | 1 Renjikai | 1 Linuxasmcallgraph | 2023-08-10 | N/A | 9.8 CRITICAL |
| LinuxASMCallGraph is software for drawing the call graph of program code. LinuxASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to achieve remote code execution on the server side by uploading a crafted ZIP file, due to incorrect filtering rules for uploaded files. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds. | |||||
