Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36466 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 3.5 LOW |
| Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse. | |||||
| CVE-2023-36462 | 1 Joinmastodon | 1 Mastodon | 2024-11-21 | N/A | 5.4 MEDIUM |
| Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. | |||||
| CVE-2023-36407 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2023-36406 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Windows Hyper-V Information Disclosure Vulnerability | |||||
| CVE-2023-36049 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2022 and 13 more | 2024-11-21 | N/A | 7.6 HIGH |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2023-36021 | 1 Microsoft | 1 On-prem Data Gateway | 2024-11-21 | N/A | 8.0 HIGH |
| Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | |||||
| CVE-2023-35944 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | N/A | 8.2 HIGH |
| Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue. | |||||
| CVE-2023-35798 | 1 Apache | 2 Apache-airflow-providers-microsoft-mssql, Apache-airflow-providers-odbc | 2024-11-21 | N/A | 4.3 MEDIUM |
| Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected | |||||
| CVE-2023-35619 | 1 Microsoft | 1 Office Long Term Servicing Channel | 2024-11-21 | N/A | 5.3 MEDIUM |
| Microsoft Outlook for Mac Spoofing Vulnerability | |||||
| CVE-2023-35368 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2023-35367 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35366 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35365 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35349 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2023-35336 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2023-35306 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | |||||
| CVE-2023-35303 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
| USB Audio Class System Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-35163 | 1 Gobalsky | 1 Vega | 2024-11-21 | N/A | 6.0 MEDIUM |
| Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited. | |||||
| CVE-2023-35136 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device. | |||||
| CVE-2023-34983 | 1 Intel | 10 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 7 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||