Total: 34640 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-37410 | 1 Ibm | 1 Personal Communications | 2024-11-21 | N/A | 8.4 HIGH | IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138. |
| CVE-2023-37404 | 1 Ibm | 1 Observability With Instana | 2024-11-21 | N/A | 6.4 MEDIUM | IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789. |
| CVE-2023-37378 | 1 Nullsoft | 1 Nullsoft Scriptable Install System | 2024-11-21 | N/A | 5.3 MEDIUM | Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. |
| CVE-2023-37369 | 2 Debian, Qt | 2 Debian Linux, Qt | 2024-11-21 | N/A | 7.5 HIGH | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. |
| CVE-2023-37267 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | N/A | 7.5 HIGH | Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1. |
| CVE-2023-37263 | 1 Strapi | 1 Strapi | 2024-11-21 | N/A | 6.8 MEDIUM | Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue. |
| CVE-2023-37249 | 1 Infoblox | 1 Nios | 2024-11-21 | N/A | 8.8 HIGH | Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. |
| CVE-2023-37239 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH | Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program. |
| CVE-2023-37238 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM | Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features. |
| CVE-2023-37216 | 1 Anasystem | 2 Sensmini M4, Sensmini M4 Firmware | 2024-11-21 | N/A | 7.5 HIGH | AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device. |
| CVE-2023-37210 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.5 MEDIUM | A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. |
| CVE-2023-37208 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 7.8 HIGH | When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. |
| CVE-2023-37205 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.5 MEDIUM | The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. |
| CVE-2023-37204 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.5 MEDIUM | A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. |
| CVE-2023-37203 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 7.8 HIGH | Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. |
| CVE-2023-37174 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 5.5 MEDIUM | GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c. |
| CVE-2023-36984 | 1 Lavalite | 1 Lavalite | 2024-11-21 | N/A | 7.5 HIGH | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
| CVE-2023-36983 | 1 Lavalite | 1 Lavalite | 2024-11-21 | N/A | 7.5 HIGH | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
| CVE-2023-36980 | 1 Ethereum | 1 Blockchain | 2024-11-21 | N/A | 5.3 MEDIUM | An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 causes the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. |
| CVE-2023-36914 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2024-11-21 | N/A | 5.5 MEDIUM | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability |
| CVE-2023-36913 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM | Microsoft Message Queuing Information Disclosure Vulnerability |
| CVE-2023-36911 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2023-36910 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2023-36908 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM | Windows Hyper-V Information Disclosure Vulnerability |
| CVE-2023-36907 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 5.5 MEDIUM | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2023-36906 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 5.5 MEDIUM | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2023-36905 | 1 Microsoft | 9 Windows 10, Windows 10 1607, Windows 10 1809 and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| CVE-2023-36904 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2023-36903 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH | Windows System Assessment Tool Elevation of Privilege Vulnerability |
| CVE-2023-36900 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2023-36899 | 1 Microsoft | 10 .net Framework, Windows 10 1809, Windows 10 21h2 and 7 more | 2024-11-21 | N/A | 8.8 HIGH | ASP.NET Elevation of Privilege Vulnerability |
| CVE-2023-36898 | 1 Microsoft | 2 Windows 11 21h2, Windows 11 22h2 | 2024-11-21 | N/A | 7.8 HIGH | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability |
| CVE-2023-36897 | 1 Microsoft | 6 365 Apps, Office, Visual Studio 2010 Tools For Office Runtime and 3 more | 2024-11-21 | N/A | 8.1 HIGH | Visual Studio Tools for Office Runtime Spoofing Vulnerability |
| CVE-2023-36896 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-11-21 | N/A | 7.8 HIGH | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2023-36895 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2023-36893 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM | Microsoft Outlook Spoofing Vulnerability |
| CVE-2023-36892 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 8.0 HIGH | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2023-36891 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 8.0 HIGH | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2023-36890 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 6.5 MEDIUM | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2023-36889 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 5.5 MEDIUM | Windows Group Policy Security Feature Bypass Vulnerability |