Total
1660 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28320 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2024-08-02 | 5.9 Medium |
| A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. | ||||
| CVE-2023-28308 | 1 Microsoft | 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more | 2024-08-02 | 6.6 Medium |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2023-28307 | 1 Microsoft | 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more | 2024-08-02 | 6.6 Medium |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2023-28306 | 1 Microsoft | 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more | 2024-08-02 | 6.6 Medium |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2023-28305 | 1 Microsoft | 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more | 2024-08-02 | 6.6 Medium |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2023-28278 | 1 Microsoft | 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more | 2024-08-02 | 6.6 Medium |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2023-28232 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-08-02 | 7.5 High |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||
| CVE-2023-28273 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 11 more | 2024-08-02 | 7 High |
| Windows Clip Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-28142 | 1 Qualys | 1 Cloud Agent | 2024-08-02 | 6.7 Medium |
| A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life. | ||||
| CVE-2023-28126 | 1 Ivanti | 1 Avalanche | 2024-08-02 | 5.9 Medium |
| An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message. | ||||
| CVE-2023-28144 | 1 Kdab | 1 Hotspot | 2024-08-02 | 7.0 High |
| KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls. | ||||
| CVE-2023-28125 | 1 Ivanti | 1 Avalanche | 2024-08-02 | 5.9 Medium |
| An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | ||||
| CVE-2023-27952 | 1 Apple | 1 Macos | 2024-08-02 | 4.7 Medium |
| A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | ||||
| CVE-2023-26980 | 1 Pax | 2 A920 Pro, Paydroid | 2024-08-02 | 7.0 High |
| PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will be loaded before any user applications. | ||||
| CVE-2023-24903 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-08-02 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2023-24899 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 2 more | 2024-08-02 | 7 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2023-24861 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-08-02 | 7 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2023-24042 | 1 Lightftp Project | 1 Lightftp | 2024-08-02 | 7.5 High |
| A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. | ||||
| CVE-2023-23404 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-08-02 | 8.1 High |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||
| CVE-2023-23393 | 1 Microsoft | 13 Windows 10 1809, Windows 10 20h2, Windows 10 20h2 and 10 more | 2024-08-02 | 7 High |
| Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | ||||