Total: 11827 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-36406 | 1 Microsoft | 9 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 6 more | 2024-08-02 | 5.5 Medium |
Windows Hyper-V Information Disclosure Vulnerability | ||||
CVE-2023-36049 | 2 Microsoft, Redhat | 19 .net, .net Framework, Visual Studio and 16 more | 2024-08-02 | 7.6 High |
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | ||||
CVE-2023-36021 | 1 Microsoft | 2 Azure Onprem Data Gateway, On-prem Data Gateway | 2024-08-02 | 8 High |
Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | ||||
CVE-2023-35936 | 2 Debian, Pandoc | 2 Debian Linux, Pandoc | 2024-08-02 | 6 Medium |
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system, depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option. The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option. | ||||
CVE-2024-25656 | 1 Avsystem | 1 Unified Management Platform | 2024-08-02 | 5.9 Medium |
Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and, ultimately, affect the entire product. | ||||
CVE-2023-35365 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 9.8 Critical |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
CVE-2023-35336 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-08-02 | 6.5 Medium |
Windows MSHTML Platform Security Feature Bypass Vulnerability | ||||
CVE-2023-35367 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 9.8 Critical |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
CVE-2023-35377 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 6.5 Medium |
Microsoft Message Queuing Denial of Service Vulnerability | ||||
CVE-2023-35619 | 1 Microsoft | 1 Office Long Term Servicing Channel | 2024-08-02 | 5.3 Medium |
Microsoft Outlook for Mac Spoofing Vulnerability | ||||
CVE-2023-35366 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 9.8 Critical |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
CVE-2023-35368 | 1 Microsoft | 1 Exchange Server | 2024-08-02 | 8.8 High |
Microsoft Exchange Remote Code Execution Vulnerability | ||||
CVE-2023-35303 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 8.8 High |
USB Audio Class System Driver Remote Code Execution Vulnerability | ||||
CVE-2023-35376 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 6.5 Medium |
Microsoft Message Queuing Denial of Service Vulnerability | ||||
CVE-2023-35306 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-08-02 | 5.5 Medium |
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | ||||
CVE-2023-35349 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 9.8 Critical |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
CVE-2023-35136 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2024-08-02 | 5.5 Medium |
An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device. | ||||
CVE-2023-34872 | 1 Freedesktop | 1 Poppler | 2024-08-02 | 5.5 Medium |
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. | ||||
CVE-2023-34610 | 1 Json-io Project | 1 Json-io | 2024-08-02 | 7.5 High |
An issue was discovered in json-io through 4.14.0 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | ||||
CVE-2023-34150 | 1 Apache | 1 Any23 | 2024-08-02 | 6.5 Medium |
** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage. | ||||