Total
333 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23389 | 1 Microsoft | 1 Malware Protection Engine | 2024-05-29 | N/A | 6.3 MEDIUM |
| Microsoft Defender Elevation of Privilege Vulnerability | |||||
| CVE-2023-38146 | 1 Microsoft | 2 Windows 11 21h2, Windows 11 22h2 | 2024-05-29 | N/A | 8.8 HIGH |
| Windows Themes Remote Code Execution Vulnerability | |||||
| CVE-2023-38141 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35311 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-05-29 | N/A | 8.8 HIGH |
| Microsoft Outlook Security Feature Bypass Vulnerability | |||||
| CVE-2023-33156 | 1 Microsoft | 1 Malware Protection Engine | 2024-05-29 | N/A | 7.0 HIGH |
| Microsoft Defender Elevation of Privilege Vulnerability | |||||
| CVE-2023-33154 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 9.8 CRITICAL |
| Windows Partition Management Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-21555 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2024-05-29 | N/A | 8.1 HIGH |
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | |||||
| CVE-2023-21537 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2024-05-29 | N/A | 7.8 HIGH |
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | |||||
| CVE-2023-35378 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-05-29 | N/A | 7.0 HIGH |
| Windows Projected File System Elevation of Privilege Vulnerability | |||||
| CVE-2023-29337 | 1 Microsoft | 1 Nuget | 2024-05-29 | N/A | 7.1 HIGH |
| NuGet Client Remote Code Execution Vulnerability | |||||
| CVE-2024-21371 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21362 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 5.5 MEDIUM |
| Windows Kernel Security Feature Bypass Vulnerability | |||||
| CVE-2024-21792 | 2024-05-17 | N/A | 4.7 MEDIUM | ||
| Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2024-3292 | 2024-05-17 | N/A | 8.2 HIGH | ||
| A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292 | |||||
| CVE-2024-3290 | 2024-05-17 | N/A | 8.2 HIGH | ||
| A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host | |||||
| CVE-2024-28137 | 2024-05-14 | N/A | 7.8 HIGH | ||
| A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. | |||||
| CVE-2024-2913 | 2024-05-07 | N/A | 6.5 MEDIUM | ||
| A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. | |||||
| CVE-2023-33119 | 2024-05-06 | N/A | 8.4 HIGH | ||
| Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | |||||
| CVE-2023-32156 | 2024-05-03 | N/A | 9.0 CRITICAL | ||
| Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from improper error-handling during the update process. An attacker can leverage this vulnerability to execute code in the context of Tesla's Gateway ECU. Was ZDI-CAN-20734. | |||||
| CVE-2023-27323 | 2024-05-03 | N/A | 7.8 HIGH | ||
| Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-18150. | |||||