Search Results (364870 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-41123 1 Microsoft 1 Exchange Server 2025-01-02 7.8 High
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41078 1 Microsoft 1 Exchange Server 2025-01-02 8 High
Microsoft Exchange Server Spoofing Vulnerability
CVE-2022-41122 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2025-01-02 6.5 Medium
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2022-41120 1 Microsoft 1 Windows Sysmon 2025-01-02 7.8 High
Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability
CVE-2022-41102 1 Microsoft 14 Windows 10, Windows 10 1507, Windows 10 1607 and 11 more 2025-01-02 7.8 High
Windows Overlay Filter Elevation of Privilege Vulnerability
CVE-2022-41101 1 Microsoft 14 Windows 10, Windows 10 1507, Windows 10 1607 and 11 more 2025-01-02 7.8 High
Windows Overlay Filter Elevation of Privilege Vulnerability
CVE-2022-41058 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2025-01-02 7.5 High
Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2022-41100 1 Microsoft 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more 2025-01-02 7.8 High
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2022-41085 1 Microsoft 1 Azure Cyclecloud 2025-01-02 7.5 High
Azure CycleCloud Elevation of Privilege Vulnerability
CVE-2022-37992 1 Microsoft 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more 2025-01-02 7.8 High
Windows Group Policy Elevation of Privilege Vulnerability
CVE-2022-38014 1 Microsoft 3 Azure Eflow, Azure Iot Edge For Linux, Windows Subsystem For Linux 2025-01-02 7 High
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
CVE-2024-32461 1 Librenms 1 Librenms 2025-01-02 7.1 High
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.
CVE-2022-44684 1 Microsoft 14 Windows 10 20h2, Windows 10 20h2, Windows 10 21h1 and 11 more 2025-01-02 6.5 Medium
Windows Local Session Manager (LSM) Denial of Service Vulnerability
CVE-2023-35142 1 Jenkins 1 Checkmarx 2025-01-02 8.1 High
Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.
CVE-2023-35110 1 Jjson Project 1 Jjson 2025-01-02 7.5 High
An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34878 1 Ujcms 1 Ujcms 2025-01-02 7.5 High
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip.
CVE-2023-34868 1 Jerryscript 1 Jerryscript 2025-01-02 7.5 High
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.
CVE-2022-48506 1 Dominionvoting 1 Democracy Suite 2025-01-02 2.4 Low
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.
CVE-2023-34250 1 Discourse 1 Discourse 2025-01-02 4.8 Medium
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
CVE-2023-32301 1 Discourse 1 Discourse 2025-01-02 3.1 Low
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.