Total
7347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47043 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-26368 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | |||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | |||||
| CVE-2023-6006 | 2 Microsoft, Papercut | 3 Windows, Papercut Mf, Papercut Ng | 2023-11-21 | N/A | 6.7 MEDIUM |
| This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM | |||||
| CVE-2023-28723 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-28737 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 7.8 HIGH |
| Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36374 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36396 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-22305 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-22310 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 4.7 MEDIUM |
| Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-25949 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-26589 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allowed an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-28397 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access. | |||||
| CVE-2023-44331 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-44332 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-44333 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-40752 | 3 Ibm, Linux, Microsoft | 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more | 2023-11-18 | N/A | 9.8 CRITICAL |
| IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. | |||||
| CVE-2022-28148 | 2 Jenkins, Microsoft | 2 Continuous Integration With Toad Edge, Windows | 2023-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | |||||
| CVE-2023-45284 | 2 Golang, Microsoft | 2 Go, Windows | 2023-11-17 | N/A | 5.3 MEDIUM |
| On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local. | |||||