Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36674 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
|
|||||
| CVE-2023-36638 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.
|
|||||
| CVE-2023-36628 | 1 Purestorage | 1 Purity//fa | 2024-11-21 | N/A | 8.8 HIGH |
|
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
|
|||||
| CVE-2023-36627 | 1 Purestorage | 1 Purity | 2024-11-21 | N/A | 7.7 HIGH |
|
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
|
|||||
| CVE-2023-36620 | 1 Nationaledtech | 1 Boomerang | 2024-11-21 | N/A | 4.6 MEDIUM |
|
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.
|
|||||
| CVE-2023-36605 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.4 HIGH |
|
Windows Named Pipe Filesystem Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36603 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows TCP/IP Denial of Service Vulnerability
|
|||||
| CVE-2023-36602 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows TCP/IP Denial of Service Vulnerability
|
|||||
| CVE-2023-36598 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36594 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Graphics Component Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36593 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36590 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36585 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows upnphost.dll Denial of Service Vulnerability
|
|||||
| CVE-2023-36583 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36582 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36578 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36577 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36568 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.0 HIGH |
|
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36567 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows Deployment Services Information Disclosure Vulnerability
|
|||||
| CVE-2023-36566 | 1 Microsoft | 1 Common Data Model Sdk | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft Common Data Model SDK Denial of Service Vulnerability
|
|||||
| CVE-2023-36565 | 1 Microsoft | 2 Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.0 HIGH |
|
Microsoft Office Graphics Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36564 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Windows Search Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-36561 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | N/A | 7.3 HIGH |
|
Azure DevOps Server Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36560 | 1 Microsoft | 14 .net Framework, Windows 10 1507, Windows 10 1607 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
|
ASP.NET Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-36557 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2024-11-21 | N/A | 7.8 HIGH |
|
PrintHTML API Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36551 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows an attacker to cause information disclosure via a crafted HTTP request.
|
|||||
| CVE-2023-36537 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 7.3 HIGH |
|
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
|
|||||
| CVE-2023-36533 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2024-11-21 | N/A | 7.1 HIGH |
|
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.
|
|||||
| CVE-2023-36523 | 1 Gopiplus | 1 Email Download Link | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link. This issue affects Email download link: from n/a through 3.7.
|
|||||
| CVE-2023-36507 | 1 Reputeinfosystems | 1 Bookingpress | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64.
|
|||||
| CVE-2023-36496 | 1 Pingidentity | 1 Pingdirectory | 2024-11-21 | N/A | 7.7 HIGH |
|
Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
|
|||||
| CVE-2023-36490 | 1 Intel | 1 Memory And Storage Tool | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-36486 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A | 7.2 HIGH |
|
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
|
|||||
| CVE-2023-36485 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A | 7.2 HIGH |
|
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
|
|||||
| CVE-2023-36462 | 1 Joinmastodon | 1 Mastodon | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4. ...
|
|||||
| CVE-2023-36439 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.0 HIGH |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36438 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows TCP/IP Information Disclosure Vulnerability
|
|||||
| CVE-2023-36437 | 1 Microsoft | 1 Azure Pipelines Agent | 2024-11-21 | N/A | 8.8 HIGH |
|
Azure DevOps Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36436 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows MSHTML Platform Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36435 | 1 Microsoft | 4 .net, Windows 11 21h2, Windows 11 22h2 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft QUIC Denial of Service Vulnerability
|
|||||