Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24885 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24884 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24883 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
|
|||||
| CVE-2023-24881 | 1 Microsoft | 1 Teams | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft Teams Information Disclosure Vulnerability
|
|||||
| CVE-2023-24876 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24872 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24871 | 1 Microsoft | 6 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Windows Bluetooth Service Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24869 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.1 HIGH |
|
Remote Procedure Call Runtime Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24868 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24867 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24865 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
|
|||||
| CVE-2023-24864 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-24859 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
|
|||||
| CVE-2023-24858 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
|
|||||
| CVE-2023-24857 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
|
|||||
| CVE-2023-24856 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
|
|||||
| CVE-2023-24736 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 9.8 CRITICAL |
|
PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.
|
|||||
| CVE-2023-24607 | 1 Qt | 1 Qt | 2024-11-21 | N/A | 7.5 HIGH |
|
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
|
|||||
| CVE-2023-24597 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | N/A | 5.3 MEDIUM |
|
OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing.
|
|||||
| CVE-2023-24589 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-24588 | 1 Intel | 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.
|
|||||
| CVE-2023-24587 | 1 Intel | 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more | 2024-11-21 | N/A | 6.9 MEDIUM |
|
Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-24575 | 1 Dell | 1 Multifunction Printer E525w Driver And Software Suite | 2024-11-21 | N/A | 7.8 HIGH |
|
Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system
|
|||||
| CVE-2023-24573 | 1 Dell | 1 Command \| Monitor | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
|
|||||
| CVE-2023-24509 | 1 Arista | 21 704x3, 7304x, 7304x3 and 18 more | 2024-11-21 | N/A | 9.3 CRITICAL |
|
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
|
|||||
| CVE-2023-24504 | 1 Electra-air | 2 Central Ac Unit, Central Ac Unit Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server.
|
|||||
| CVE-2023-24499 | 1 Butterfly-button Project | 1 Butterfly-button | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use.
|
|||||
| CVE-2023-24491 | 2 Citrix, Microsoft | 2 Secure Access Client, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability has been discovered in the Citrix Secure Access client for Windows
which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.
|
|||||
| CVE-2023-24487 | 1 Citrix | 2 Application Delivery Controller, Gateway | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Arbitrary file read in Citrix ADC and Citrix Gateway
|
|||||
| CVE-2023-24481 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-24476 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 1.8 LOW |
|
An attacker with local access to the machine could record the traffic,
which could allow them to resend requests without the server
authenticating that the user or session are valid.
|
|||||
| CVE-2023-24463 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
|
|||||
| CVE-2023-24069 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 3.3 LOW |
|
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the produc ...
Show More |
|||||
| CVE-2023-24068 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change ...
Show More |
|||||
| CVE-2023-24052 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password.
|
|||||
| CVE-2023-24023 | 2 Bluetooth, Microsoft | 10 Bluetooth Core Specification, Windows 10 1809, Windows 10 21h2 and 7 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
|
|||||
| CVE-2023-24015 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.
The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
|
|||||
| CVE-2023-23978 | 1 Switchwp | 1 Wp Client Reports | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <= 1.0.16 versions.
|
|||||
| CVE-2023-23958 | 1 Symantec | 1 Protection Engine | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability.
|
|||||
| CVE-2023-23941 | 1 Shopware | 1 Swagpaypal | 2024-11-21 | N/A | 7.5 HIGH |
|
SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21.
|
|||||