Total
756 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35374 | 1 Microsoft | 1 Paint 3d | 2024-11-21 | N/A | 7.8 HIGH |
| Paint 3D Remote Code Execution Vulnerability | |||||
| CVE-2023-35363 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35350 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 7.2 HIGH |
| Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35337 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2023-35305 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35304 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35302 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-34299 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17910. | |||||
| CVE-2023-34289 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17985. | |||||
| CVE-2023-33152 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | N/A | 7.0 HIGH |
| Microsoft ActiveX Remote Code Execution Vulnerability | |||||
| CVE-2023-33146 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2023-33133 | 1 Microsoft | 4 365 Apps, Excel, Office Long Term Servicing Channel and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2023-33129 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Denial of Service Vulnerability | |||||
| CVE-2023-32461 | 1 Dell | 104 Emc Xc Core Xc450, Emc Xc Core Xc450 Firmware, Emc Xc Core Xc650 and 101 more | 2024-11-21 | N/A | 5.0 MEDIUM |
| Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. | |||||
| CVE-2023-32307 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2024-11-21 | N/A | 7.5 HIGH |
| Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade. | |||||
| CVE-2023-32157 | 2024-11-21 | N/A | 4.6 MEDIUM | ||
| Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the bsa_server process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of an unprivileged user in a sandboxed process. . Was ZDI-CAN-20737. | |||||
| CVE-2023-32140 | 2024-11-21 | N/A | 7.5 HIGH | ||
| D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18418. | |||||
| CVE-2023-32138 | 2024-11-21 | N/A | 7.5 HIGH | ||
| D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18416. | |||||
| CVE-2023-32083 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2024-11-21 | N/A | 6.5 MEDIUM |
| Microsoft Failover Cluster Information Disclosure Vulnerability | |||||
| CVE-2023-32047 | 1 Microsoft | 1 Paint 3d | 2024-11-21 | N/A | 7.8 HIGH |
| Paint 3D Remote Code Execution Vulnerability | |||||