Total: 11823 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-24975 | 1 Ibm | 1 Spectrum Symphony | 2024-08-02 | 5.4 Medium | IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030. |
CVE-2023-24937 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2024-08-02 | 6.5 Medium | Windows CryptoAPI Denial of Service Vulnerability |
CVE-2023-24866 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-08-02 | 6.5 Medium | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24856 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-08-02 | 7.5 High | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24865 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-08-02 | 6.5 Medium | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24807 | 2 Nodejs, Redhat | 3 Undici, Enterprise Linux, Rhel Eus | 2024-08-02 | 7.5 High | Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available. |
CVE-2023-24853 | 1 Qualcomm | 226 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 223 more | 2024-08-02 | 8.4 High | Memory Corruption in HLOS while registering for key provisioning notify. |
CVE-2023-24569 | 1 Dell | 1 Alienware Command Center | 2024-08-02 | 7.8 High | Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input Validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system. |
CVE-2023-24571 | 1 Dell | 2 Embedded Box Pc 3000, Embedded Box Pc 3000 Firmware | 2024-08-02 | 7.5 High | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution. |
CVE-2023-24493 | 1 Tenable | 1 Tenable.sc | 2024-08-02 | 5.7 Medium | A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host. |
CVE-2023-24422 | 2 Jenkins, Redhat | 3 Script Security, Ocp Tools, Openshift | 2024-08-02 | 8.8 High | A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
CVE-2023-24329 | 4 Fedoraproject, Netapp, Python and 1 more | 14 Fedora, Active Iq Unified Manager, Management Services For Element Software and 11 more | 2024-08-02 | 7.5 High | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
CVE-2023-24304 | 1 Irfanview | 1 Irfanview | 2024-08-02 | 7.8 High | Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF file. |
CVE-2023-23934 | 2 Palletsprojects, Redhat | 2 Werkzeug, Openstack | 2024-08-02 | 2.6 Low | Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3. |
CVE-2023-23416 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-08-02 | 7.8 High | Windows Cryptographic Services Remote Code Execution Vulnerability |
CVE-2023-23409 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-08-02 | 5.5 Medium | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability |
CVE-2023-23375 | 1 Microsoft | 6 Odbc, Odbc Driver 17 For Sql Server, Odbc Driver 18 For Sql Server and 3 more | 2024-08-02 | 7.8 High | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability |
CVE-2023-23419 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 22h2 | 2024-08-02 | 7.8 High | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
CVE-2023-23009 | 3 Debian, Libreswan, Redhat | 3 Debian Linux, Libreswan, Enterprise Linux | 2024-08-02 | 6.5 Medium | Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via a crafted TS payload with an incorrect selector length. |
CVE-2023-22916 | 1 Zyxel | 36 Atp100, Atp100 Firmware, Atp100w and 33 more | 2024-08-02 | 8.1 High | The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35 fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator into switching the management mode to the cloud mode. |