Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36045 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Office Graphics Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36039 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.0 HIGH |
|
Microsoft Exchange Server Spoofing Vulnerability
|
|||||
| CVE-2023-36038 | 1 Microsoft | 3 .net, Asp.net Core, Visual Studio 2022 | 2024-11-21 | N/A | 8.2 HIGH |
|
ASP.NET Core Denial of Service Vulnerability
|
|||||
| CVE-2023-36037 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Excel Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-36035 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.0 HIGH |
|
Microsoft Exchange Server Spoofing Vulnerability
|
|||||
| CVE-2023-36030 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Microsoft Dynamics 365 Sales Spoofing Vulnerability
|
|||||
| CVE-2023-36028 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36027 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 7.1 HIGH |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36026 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2023-36021 | 1 Microsoft | 1 On-prem Data Gateway | 2024-11-21 | N/A | 8.0 HIGH |
|
Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-36019 | 1 Microsoft | 2 Azure Logic Apps, Power Platform | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Microsoft Power Platform Connector Spoofing Vulnerability
|
|||||
| CVE-2023-36018 | 1 Microsoft | 1 Jupyter | 2024-11-21 | N/A | 7.8 HIGH |
|
Visual Studio Code Jupyter Extension Spoofing Vulnerability
|
|||||
| CVE-2023-36012 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
DHCP Server Service Information Disclosure Vulnerability
|
|||||
| CVE-2023-36011 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Win32k Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36010 | 1 Microsoft | 1 Malware Protection Platform | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft Defender Denial of Service Vulnerability
|
|||||
| CVE-2023-36009 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Microsoft Word Information Disclosure Vulnerability
|
|||||
| CVE-2023-36008 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36007 | 1 Microsoft | 1 Send Customer Voice Survey From Dynamics 365 | 2024-11-21 | N/A | 7.6 HIGH |
|
Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability
|
|||||
| CVE-2023-36006 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36005 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows Telephony Server Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36004 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
|
|||||
| CVE-2023-36003 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
XAML Diagnostics Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-35983 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.
|
|||||
| CVE-2023-35977 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
|
|||||
| CVE-2023-35976 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
|
|||||
| CVE-2023-35928 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 8.4 HIGH |
|
Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and tak ...
Show More |
|||||
| CVE-2023-35927 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 7.6 HIGH |
|
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malici ...
Show More |
|||||
| CVE-2023-35921 | 1 Siemens | 12 Simatic Mv540 H, Simatic Mv540 H Firmware, Simatic Mv540 S and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must b ...
Show More |
|||||
| CVE-2023-35920 | 1 Siemens | 12 Simatic Mv540 H, Simatic Mv540 H Firmware, Simatic Mv540 S and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be res ...
Show More |
|||||
| CVE-2023-35900 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.
|
|||||
| CVE-2023-35898 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.
|
|||||
| CVE-2023-35818 | 1 Espressif | 44 Esp-eye, Esp-eye Firmware, Esp32-d0wd-v3 and 41 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute s ...
Show More |
|||||
| CVE-2023-35692 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-35690 | 1 Google | 1 Android | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-35677 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-35676 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-35675 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-35671 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-35667 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-35643 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
DHCP Server Service Information Disclosure Vulnerability
|
|||||