Search
Total
6341 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0001 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-01-12 | N/A | 6.7 MEDIUM |
| An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. | |||||
| CVE-2023-20900 | 6 Debian, Fedoraproject, Linux and 3 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2024-01-12 | N/A | 7.5 HIGH |
| A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | |||||
| CVE-2024-20713 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-01-12 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20712 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-01-12 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20711 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-01-12 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20710 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-01-12 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-29258 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. | |||||
| CVE-2023-46167 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. | |||||
| CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-01-11 | N/A | 7.8 HIGH |
| IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | |||||
| CVE-2023-47039 | 2 Microsoft, Perl | 2 Windows, Perl | 2024-01-08 | N/A | 7.8 HIGH |
| A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | |||||
| CVE-2023-32214 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-01-07 | N/A | 7.5 HIGH |
| Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2021-38927 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-01-05 | N/A | 6.1 MEDIUM |
| IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322. | |||||
| CVE-2023-45702 | 2 Hcltechsw, Microsoft | 2 Hcl Launch, Windows | 2024-01-04 | N/A | 5.5 MEDIUM |
| An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.. | |||||
| CVE-2023-7047 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-01-04 | N/A | 4.4 MEDIUM |
| Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. | |||||
| CVE-2023-29487 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2024-01-04 | N/A | 9.1 CRITICAL |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. | |||||
| CVE-2022-45052 | 3 Axiell, Linux, Microsoft | 3 Iguana, Linux Kernel, Windows | 2024-01-02 | N/A | 6.5 MEDIUM |
| A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server. | |||||
| CVE-2021-42083 | 3 Linux, Microsoft, Osnexus | 3 Linux Kernel, Windows, Quantastor | 2024-01-02 | N/A | 5.4 MEDIUM |
| An authenticated attacker is able to create alerts that trigger a stored XSS attack. | |||||
| CVE-2022-0564 | 2 Microsoft, Qlik | 2 Windows, Qlik Sense | 2024-01-02 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. | |||||
| CVE-2023-29485 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. | |||||
| CVE-2023-29486 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. | |||||
| CVE-2021-36958 | 1 Microsoft | 1 Windows | 2023-12-28 | 9.3 HIGH | 7.8 HIGH |
| <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> | |||||
| CVE-2023-6105 | 3 Linux, Microsoft, Zohocorp | 41 Linux Kernel, Windows, Manageengine Access Manager Plus and 38 more | 2023-12-28 | N/A | 5.5 MEDIUM |
| An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. | |||||
| CVE-2022-24765 | 5 Apple, Debian, Fedoraproject and 2 more | 5 Xcode, Debian Linux, Fedora and 2 more | 2023-12-27 | 6.9 MEDIUM | 7.8 HIGH |
| Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | |||||
| CVE-2023-38719 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 4.4 MEDIUM |
| IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607. | |||||
| CVE-2023-40374 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575. | |||||
| CVE-2023-40372 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499. | |||||
| CVE-2023-40373 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574. | |||||
| CVE-2023-38740 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613. | |||||
| CVE-2023-38728 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258. | |||||
| CVE-2023-38720 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. | |||||
| CVE-2023-30991 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037. | |||||
| CVE-2023-30987 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440. | |||||
| CVE-2023-47704 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | |||||
| CVE-2023-47706 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 8.8 HIGH |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. | |||||
| CVE-2023-47702 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 9.1 CRITICAL |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196. | |||||
| CVE-2023-47703 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 5.3 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. | |||||
| CVE-2023-47705 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 4.3 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228. | |||||
| CVE-2023-47707 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 5.4 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522. | |||||
| CVE-2023-3955 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2023-12-21 | N/A | 8.8 HIGH |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | |||||
| CVE-2021-25736 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2023-12-21 | N/A | 6.3 MEDIUM |
| Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | |||||
| CVE-2023-46263 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | |||||
| CVE-2023-46804 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | |||||
| CVE-2023-46803 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | |||||
| CVE-2023-46264 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-46261 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46259 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-41727 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46258 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46222 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||