Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24512 | 2 Fedoraproject, Microsoft | 6 Fedora, .net, .net Core and 3 more | 2023-12-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2020-2241 | 1 Jenkins | 1 Database | 2023-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | |||||
| CVE-2022-28136 | 1 Jenkins | 1 Jiratestresultreporter | 2023-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2022-27210 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2023-12-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2020-2281 | 1 Jenkins | 1 Lockable Resources | 2023-12-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. | |||||
| CVE-2023-38559 | 4 Artifex, Debian, Fedoraproject and 1 more | 4 Ghostscript, Debian Linux, Fedora and 1 more | 2023-12-21 | N/A | 5.5 MEDIUM |
| A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | |||||
| CVE-2023-31431 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-12-21 | N/A | 5.5 MEDIUM |
| A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service. | |||||
| CVE-2023-42787 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-21 | N/A | 6.5 MEDIUM |
| A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | |||||
| CVE-2023-31430 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-12-21 | N/A | 5.5 MEDIUM |
| A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service. | |||||
| CVE-2023-44766 | 1 Concretecms | 1 Concrete Cms | 2023-12-21 | N/A | 4.8 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. | |||||
| CVE-2023-5184 | 1 Zephyrproject | 1 Zephyr | 2023-12-21 | N/A | 8.8 HIGH |
| Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. | |||||
| CVE-2015-4852 | 1 Oracle | 3 Storagetek Tape Analytics Sw Tool, Virtual Desktop Infrastructure, Weblogic Server | 2023-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product. | |||||
| CVE-2022-47909 | 1 Tribe29 | 1 Checkmk | 2023-12-21 | N/A | 7.8 HIGH |
| Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | |||||
| CVE-2022-46836 | 1 Tribe29 | 1 Checkmk | 2023-12-21 | N/A | 8.8 HIGH |
| PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. | |||||
| CVE-2023-22940 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 5.7 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’, ‘mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. | |||||
| CVE-2023-22941 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 7.5 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). | |||||
| CVE-2023-22939 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | |||||
| CVE-2023-22937 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. | |||||
| CVE-2023-22935 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | |||||
| CVE-2022-26832 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Framework Denial of Service Vulnerability | |||||
| CVE-2022-24527 | 1 Microsoft | 1 Endpoint Configuration Manager | 2023-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability | |||||
| CVE-2022-23256 | 1 Microsoft | 1 Azure Data Explorer | 2023-12-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Azure Data Explorer Spoofing Vulnerability | |||||
| CVE-2022-21965 | 1 Microsoft | 1 Teams | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Teams Denial of Service Vulnerability | |||||
| CVE-2022-21957 | 1 Microsoft | 1 Dynamics 365 | 2023-12-21 | 6.5 MEDIUM | 7.2 HIGH |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | |||||
| CVE-2022-21970 | 1 Microsoft | 1 Edge Chromium | 2023-12-21 | 8.3 HIGH | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-21969 | 1 Microsoft | 1 Exchange Server | 2023-12-21 | 7.7 HIGH | 9.0 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2022-21964 | 1 Microsoft | 1 Windows 10 | 2023-12-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | |||||
| CVE-2022-21963 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21962 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21961 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21960 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21959 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21958 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 6.8 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21954 | 1 Microsoft | 1 Edge Chromium | 2023-12-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-21932 | 1 Microsoft | 1 Dynamics 365 | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||
| CVE-2022-21931 | 1 Microsoft | 1 Edge Chromium | 2023-12-21 | 4.0 MEDIUM | 4.2 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2022-21930 | 1 Microsoft | 1 Edge Chromium | 2023-12-21 | 4.0 MEDIUM | 4.2 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2022-21929 | 1 Microsoft | 1 Edge Chromium | 2023-12-21 | 2.6 LOW | 2.5 LOW |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2022-21928 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2023-12-21 | 6.9 MEDIUM | 6.4 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||
| CVE-2022-21925 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2023-12-21 | 5.4 MEDIUM | 5.3 MEDIUM |
| Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability | |||||
| CVE-2022-21924 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 5.4 MEDIUM | 5.3 MEDIUM |
| Workstation Service Remote Protocol Security Feature Bypass Vulnerability | |||||
| CVE-2022-21922 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 9.0 HIGH | 8.8 HIGH |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||
| CVE-2022-21921 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server | 2023-12-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| Windows Defender Credential Guard Security Feature Bypass Vulnerability | |||||
| CVE-2022-21920 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 9.0 HIGH | 8.8 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||
| CVE-2022-21919 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 6.9 MEDIUM | 7.0 HIGH |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||
| CVE-2022-21918 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-12-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| DirectX Graphics Kernel File Denial of Service Vulnerability | |||||
| CVE-2022-21917 | 1 Microsoft | 1 Hevc Video Extensions | 2023-12-21 | 9.3 HIGH | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-21916 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-21915 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows GDI+ Information Disclosure Vulnerability | |||||
| CVE-2022-21914 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
