Total
11827 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-38293 | | | 2024-08-02 | 7.3 High |
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context (radio user) via AT command injection due to inadequate access control and inadequate input filtering. No permissions or special privileges are necessary to exploit the vulnerability in the com.tracfone.tfstatus app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: Nokia C200 (Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_080:user/release-keys and Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_040:user/release-keys) and Nokia C100 (Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_270:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_190:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_130:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_110:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_080:user/release-keys, and Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_050:user/release-keys). This malicious app sends a broadcast Intent to the receiver component named com.tracfone.tfstatus/.TFStatus. This broadcast receiver extracts a string from the Intent and uses it as an extra when it starts the com.tracfone.tfstatus/.TFStatusActivity activity component which uses the externally controlled string as an input to execute an AT command. There are two different injection techniques to successfully inject arbitrary AT commands to execute. | ||||
CVE-2023-38156 | 1 Microsoft | 1 Azure Hdinsights | 2024-08-02 | 7.2 High |
Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability | ||||
CVE-2023-37241 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart. | ||||
CVE-2023-36912 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-08-02 | 7.5 High |
Microsoft Message Queuing Denial of Service Vulnerability | ||||
CVE-2023-36899 | 1 Microsoft | 11 .net, .net Framework, Windows 10 1809 and 8 more | 2024-08-02 | 8.8 High |
ASP.NET Elevation of Privilege Vulnerability | ||||
CVE-2023-36893 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-02 | 6.5 Medium |
Microsoft Outlook Spoofing Vulnerability | ||||
CVE-2023-36872 | 1 Microsoft | 1 Vp9 Video Extensions | 2024-08-02 | 5.5 Medium |
VP9 Video Extensions Information Disclosure Vulnerability | ||||
CVE-2023-36873 | 1 Microsoft | 13 .net, .net Framework, Windows 10 1607 and 10 more | 2024-08-02 | 7.4 High |
.NET Framework Spoofing Vulnerability | ||||
CVE-2023-36767 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-08-02 | 4.3 Medium |
Microsoft Office Security Feature Bypass Vulnerability | ||||
CVE-2023-36761 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-02 | 6.5 Medium |
Microsoft Word Information Disclosure Vulnerability | ||||
CVE-2023-36762 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2024-08-02 | 7.3 High |
Microsoft Word Remote Code Execution Vulnerability | ||||
CVE-2023-36706 | 1 Microsoft | 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more | 2024-08-02 | 6.5 Medium |
Windows Deployment Services Information Disclosure Vulnerability | ||||
CVE-2023-36731 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 7.8 High |
Win32k Elevation of Privilege Vulnerability | ||||
CVE-2023-36707 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2024-08-02 | 6.5 Medium |
Windows Deployment Services Denial of Service Vulnerability | ||||
CVE-2023-36697 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-08-02 | 6.8 Medium |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
CVE-2023-36719 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-08-02 | 7.8 High |
Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | ||||
CVE-2023-36566 | 1 Microsoft | 5 Common Data Model Sdk, Common Data Model Sdk For Csharp, Common Data Model Sdk For Java and 2 more | 2024-08-02 | 6.5 Medium |
Microsoft Common Data Model SDK Denial of Service Vulnerability | ||||
CVE-2023-36585 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 7.5 High |
Windows upnphost.dll Denial of Service Vulnerability | ||||
CVE-2023-36407 | 1 Microsoft | 9 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 6 more | 2024-08-02 | 7.8 High |
Windows Hyper-V Elevation of Privilege Vulnerability | ||||
CVE-2023-36505 | | | 2024-08-02 | 6.8 Medium |
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form. This issue affects Ninja Forms Contact Form: from n/a through 3.6.24. |