Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28646 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files. It is recommended that the Nextcloud Android app is upgraded to 3.24.1. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-28644 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-28626 | 1 Comrak Project | 1 Comrak | 2024-11-21 | N/A | 5.3 MEDIUM |
|
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-047`
|
|||||
| CVE-2023-28584 | 1 Qualcomm | 144 Aqt1000, Aqt1000 Firmware, Csrb31024 and 141 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).
|
|||||
| CVE-2023-28568 | 1 Qualcomm | 176 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 173 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Information disclosure in WLAN HAL when reception status handler is called.
|
|||||
| CVE-2023-28553 | 1 Qualcomm | 288 Ar8035, Ar8035 Firmware, Ar9380 and 285 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Information Disclosure in WLAN Host when processing WMI event command.
|
|||||
| CVE-2023-28513 | 5 Hp, Ibm, Linux and 2 more | 9 Hp-ux, Aix, I and 6 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
|
|||||
| CVE-2023-28483 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL queries that contain UDFs can bypass this configuration setting and, as a consequence, can write to any file location to which the administrative user has access.
|
|||||
| CVE-2023-28479 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries.
|
|||||
| CVE-2023-28440 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 2.7 LOW |
|
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-28433 | 1 Minio | 1 Minio | 2024-11-21 | N/A | 8.8 HIGH |
|
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workar ...
Show More |
|||||
| CVE-2023-28374 | 1 Intel | 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
|||||
| CVE-2023-28373 | 1 Purestorage | 1 Purity\/\/fa | 2024-11-21 | N/A | 4.4 MEDIUM |
|
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
|
|||||
| CVE-2023-28372 | 1 Purestorage | 1 Purity | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
|
|||||
| CVE-2023-28330 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
|
|||||
| CVE-2023-28312 | 1 Microsoft | 1 Azure Machine Learning | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Azure Machine Learning Information Disclosure Vulnerability
|
|||||
| CVE-2023-28311 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Word Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28310 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.0 HIGH |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28304 | 1 Microsoft | 2 Odbc, Ole Db | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28303 | 1 Microsoft | 2 Snip \& Sketch, Snipping Tool | 2024-11-21 | N/A | 3.3 LOW |
|
Windows Snipping Tool Information Disclosure Vulnerability
|
|||||
| CVE-2023-28300 | 1 Microsoft | 1 Azure Service Connector | 2024-11-21 | N/A | 7.5 HIGH |
|
Azure Service Connector Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-28299 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Visual Studio Spoofing Vulnerability
|
|||||
| CVE-2023-28298 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Windows Kernel Denial of Service Vulnerability
|
|||||
| CVE-2023-28297 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 7 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-28296 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | N/A | 7.8 HIGH |
|
Visual Studio Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28295 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Publisher Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28292 | 1 Microsoft | 5 Raw Image Extension, Windows 10 20h2, Windows 10 21h2 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Raw Image Extension Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28291 | 1 Microsoft | 5 Raw Image Extension, Windows 10 20h2, Windows 10 21h2 and 2 more | 2024-11-21 | N/A | 8.4 HIGH |
|
Raw Image Extension Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28287 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Publisher Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28283 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.1 HIGH |
|
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28277 | 1 Microsoft | 1 Windows Server 2022 | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Windows DNS Server Information Disclosure Vulnerability
|
|||||
| CVE-2023-28276 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Windows Group Policy Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-28275 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28274 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Win32k Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-28272 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-28271 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Windows Kernel Memory Information Disclosure Vulnerability
|
|||||
| CVE-2023-28270 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Windows Lock Screen Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-28269 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Windows Boot Manager Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-28268 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 8.1 HIGH |
|
Netlogon RPC Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-28266 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Windows Common Log File System Driver Information Disclosure Vulnerability
|
|||||