Total
27847 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38407 | 1 Frrouting | 1 Frrouting | 2024-07-03 | N/A | 7.5 HIGH |
| bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. | |||||
| CVE-2023-28330 | 1 Moodle | 1 Moodle | 2024-07-03 | N/A | 6.5 MEDIUM |
| Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default. | |||||
| CVE-2023-24069 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-07-03 | N/A | 3.3 LOW |
| Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access. | |||||
| CVE-2023-23923 | 1 Moodle | 1 Moodle | 2024-07-03 | N/A | 8.2 HIGH |
| The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. | |||||
| CVE-2023-22934 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-07-03 | N/A | 8.0 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. | |||||
| CVE-2023-21267 | 1 Google | 1 Android | 2024-07-03 | N/A | 5.5 MEDIUM |
| In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20598 | 1 Amd | 107 Radeon Pro W5500, Radeon Pro W5700, Radeon Pro W6300 and 104 more | 2024-07-03 | N/A | 7.8 HIGH |
| An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. | |||||
| CVE-2022-3080 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2024-07-03 | N/A | 7.5 HIGH |
| By sending specific queries to the resolver, an attacker can cause named to crash. | |||||
| CVE-2022-38164 | 1 F-secure | 1 Safe | 2024-07-03 | N/A | 6.5 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only display certain part of the entire URL. | |||||
| CVE-2022-32742 | 1 Samba | 1 Samba | 2024-07-03 | N/A | 4.3 MEDIUM |
| A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). | |||||
| CVE-2022-28657 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-07-03 | N/A | 7.8 HIGH |
| Apport does not disable python crash handler before entering chroot | |||||
| CVE-2022-27948 | 1 Tesla | 6 Model 3, Model 3 Firmware, Model S and 3 more | 2024-07-03 | 3.3 LOW | 4.3 MEDIUM |
| Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended | |||||
| CVE-2021-35559 | 4 Debian, Fedoraproject, Netapp and 1 more | 14 Debian Linux, Fedora, Active Iq Unified Manager and 11 more | 2024-07-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2021-31970 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-07-03 | 2.1 LOW | 5.5 MEDIUM |
| Windows TCP/IP Driver Security Feature Bypass Vulnerability | |||||
| CVE-2021-30496 | 1 Telegram | 1 Telegram | 2024-07-03 | 3.5 LOW | 5.7 MEDIUM |
| The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that "this behavior can't be considered a vulnerability." | |||||
| CVE-2020-35587 | 1 Mersive | 2 Solstice, Solstice Firmware | 2024-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is directly associated with a negative impact, or instead only facilitates an attack technique | |||||
| CVE-2020-1493 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-07-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links. | |||||
| CVE-2019-1205 | 1 Microsoft | 4 Office, Office 365 Proplus, Office Online Server and 1 more | 2024-07-03 | 9.3 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. Two possible email attack scenarios exist for this vulnerability: With the first email attack scenario, an attacker could send a specially crafted email message to the user and wait for the user to click on the message. When the message renders via Microsoft Word in the Outlook Preview Pane, an attack could be triggered. With the second scenario, an attacker could attach a specially crafted file to an email, send it to a user, and convince them to open it. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or other message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory. For users who view their emails in Outlook, the Preview Pane attack vector can be mitigated by disabling this feature. The following registry keys can be set to disable the Preview Pane in Outlook on Windows, either via manual editing of the registry or by modifying Group Policy. Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Outlook 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Options DWORD: DisableReadingPane Value: 1 Outlook 2013: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options DWORD: DisableReadingPane Value: 1 Outlook 2016, Outlook 2019, and Office 365 ProPlus: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options DWORD: DisableReadingPane Value: 1 | |||||
| CVE-2019-1185 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-07-03 | 4.6 MEDIUM | 7.3 HIGH |
| An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory. | |||||
| CVE-2019-1177 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-07-03 | 4.6 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the rpcss.dll properly handles objects in memory. | |||||