Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49826 | 1 Pencidesign | 1 Soledad | 2023-12-29 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | |||||
| CVE-2023-50830 | 1 Seosthemes | 1 Seos Contact Form | 2023-12-29 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS. This issue affects Seos Contact Form: from n/a through 1.8.0. | |||||
| CVE-2023-50829 | 1 Quick-plugins | 1 Loan Repayment Calculator And Application Form | 2023-12-29 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3. | |||||
| CVE-2023-49288 | 1 Squid-cache | 1 Squid | 2023-12-29 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf. | |||||
| CVE-2023-46728 | 1 Squid-cache | 1 Squid | 2023-12-29 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. | |||||
| CVE-2023-46724 | 1 Squid-cache | 1 Squid | 2023-12-29 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | |||||
| CVE-2023-50473 | 1 Billahmed | 1 Qbit Matui | 2023-12-29 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file. | |||||
| CVE-2023-47267 | 1 Thegreenbow | 3 Windows Enterprise Certified Vpn, Windows Enterprise Vpn, Windows Standard Vpn | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file. | |||||
| CVE-2023-46624 | 1 Parcelpro | 1 Parcel Pro | 2023-12-29 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro. This issue affects Parcel Pro: from n/a through 1.6.11. | |||||
| CVE-2023-29485 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. | |||||
| CVE-2023-29486 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. | |||||
| CVE-2021-28483 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 7.7 HIGH | 9.0 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-28482 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 9.0 HIGH | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-28481 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-28480 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-28477 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.0 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28475 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28473 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28472 | 1 Microsoft | 1 Vscode-maven | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-28471 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28470 | 1 Microsoft | 1 Visual Studio Code Github Pull Requests And Issues | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-28469 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28468 | 1 Microsoft | 1 Raw Image Extension | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Raw Image Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-28466 | 1 Microsoft | 1 Raw Image Extension | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Raw Image Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-28464 | 1 Microsoft | 1 Vp9 Video Extensions | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| VP9 Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-28460 | 1 Microsoft | 1 Azure Sphere | 2023-12-29 | 4.6 MEDIUM | 8.1 HIGH |
| Azure Sphere Unsigned Code Execution Vulnerability | |||||
| CVE-2021-28459 | 1 Microsoft | 1 Azure Devops Server | 2023-12-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Azure DevOps Server Spoofing Vulnerability | |||||
| CVE-2021-28458 | 1 Microsoft | 1 Ms-rest-nodeauth | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | |||||
| CVE-2021-28457 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28456 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-12-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Excel Information Disclosure Vulnerability | |||||
| CVE-2021-28454 | 1 Microsoft | 4 365 Apps, Office, Office Online Server and 1 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-28453 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-28452 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2023-12-29 | 6.8 MEDIUM | 7.1 HIGH |
| Microsoft Outlook Memory Corruption Vulnerability | |||||
| CVE-2021-28451 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-28450 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 4.0 MEDIUM | 5.0 MEDIUM |
| Microsoft SharePoint Denial of Service Vulnerability | |||||
| CVE-2021-28449 | 1 Microsoft | 3 365 Apps, Excel, Office | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-28448 | 1 Microsoft | 1 Visual Studio Code Kubernetes Tools | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | |||||
| CVE-2021-27067 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2023-12-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | |||||
| CVE-2021-27064 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-50044 | 1 Cesanta | 1 Mjs | 2023-12-29 | N/A | 9.8 CRITICAL |
| Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | |||||
| CVE-2023-49786 | 2 Digium, Sangoma | 2 Asterisk, Certified Asterisk | 2023-12-29 | N/A | 5.9 MEDIUM |
| Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, and 18.9-cert6. | |||||
| CVE-2023-49294 | 2 Digium, Sangoma | 2 Asterisk, Certified Asterisk | 2023-12-29 | N/A | 7.5 HIGH |
| Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. | |||||
| CVE-2023-37457 | 2 Digium, Sangoma | 2 Asterisk, Certified Asterisk | 2023-12-29 | N/A | 8.2 HIGH |
| Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. | |||||
| CVE-2023-38703 | 1 Teluu | 1 Pjsip | 2023-12-29 | N/A | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch. | |||||
| CVE-2021-31204 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, .net Core and 1 more | 2023-12-29 | 4.6 MEDIUM | 7.3 HIGH |
| .NET and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2021-31180 | 1 Microsoft | 3 365 Apps, Office, Word | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2021-31177 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-28455 | 1 Microsoft | 10 365 Apps, Office, Windows 10 and 7 more | 2023-12-29 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | |||||
| CVE-2021-27068 | 1 Microsoft | 1 Visual Studio 2019 | 2023-12-29 | 6.5 MEDIUM | 8.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2021-36931 | 1 Microsoft | 1 Edge Chromium | 2023-12-28 | 6.8 MEDIUM | 4.4 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
