Total
11774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36697 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2023-36674 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax. | |||||
| CVE-2023-36619 | 1 Unify | 1 Session Border Controller | 2024-11-21 | N/A | 9.8 CRITICAL |
| Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users. | |||||
| CVE-2023-36585 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows upnphost.dll Denial of Service Vulnerability | |||||
| CVE-2023-36566 | 1 Microsoft | 1 Common Data Model Sdk | 2024-11-21 | N/A | 6.5 MEDIUM |
| Microsoft Common Data Model SDK Denial of Service Vulnerability | |||||
| CVE-2023-36466 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 3.5 LOW |
| Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse. | |||||
| CVE-2023-36462 | 1 Joinmastodon | 1 Mastodon | 2024-11-21 | N/A | 5.4 MEDIUM |
| Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. | |||||
| CVE-2023-36407 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2023-36406 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Windows Hyper-V Information Disclosure Vulnerability | |||||
| CVE-2023-36049 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2022 and 13 more | 2024-11-21 | N/A | 7.6 HIGH |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2023-36021 | 1 Microsoft | 1 On-prem Data Gateway | 2024-11-21 | N/A | 8.0 HIGH |
| Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | |||||
| CVE-2023-35944 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | N/A | 8.2 HIGH |
| Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue. | |||||
| CVE-2023-35798 | 1 Apache | 2 Apache-airflow-providers-microsoft-mssql, Apache-airflow-providers-odbc | 2024-11-21 | N/A | 4.3 MEDIUM |
| Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected | |||||
| CVE-2023-35619 | 1 Microsoft | 1 Office Long Term Servicing Channel | 2024-11-21 | N/A | 5.3 MEDIUM |
| Microsoft Outlook for Mac Spoofing Vulnerability | |||||
| CVE-2023-35368 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2023-35367 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35366 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35365 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35349 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2023-35336 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||