VYPR

CVEs

1,630 total · page 10 of 33

  • CVE-2023-6345KEVNov 29, 2023
    risk 0.12cvss epss 0.20

    Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

  • CVE-2023-49103KEVNov 21, 2023
    risk 0.23cvss epss 0.78

    An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).…

  • CVE-2023-48365KEVNov 15, 2023
    risk 0.22cvss epss 0.25

    Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP…

  • CVE-2023-36424HigKEVNov 14, 2023
    risk 0.63cvss 7.8epss 0.12

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2023-36025KEVNov 14, 2023
    risk 0.19cvss epss 0.88

    Windows SmartScreen Security Feature Bypass Vulnerability

  • CVE-2023-36033KEVNov 14, 2023
    risk 0.12cvss epss 0.12

    Windows DWM Core Library Elevation of Privilege Vulnerability

  • CVE-2023-36036KEVNov 14, 2023
    risk 0.12cvss epss 0.17

    Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

  • CVE-2023-47246KEVNov 10, 2023
    risk 0.26cvss epss 0.99

    In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

  • CVE-2023-22518KEVOct 31, 2023
    risk 0.29cvss epss 1.00

    All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an…

  • CVE-2023-46604KEVOct 27, 2023
    risk 0.22cvss epss 1.00

    The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the…

  • CVE-2023-46748KEVOct 26, 2023
    risk 0.12cvss epss 0.04

    An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. …

  • CVE-2023-46747KEVOct 26, 2023
    risk 0.29cvss epss 0.97

    Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of…

  • CVE-2023-43208KEVOct 26, 2023
    risk 0.29cvss epss 0.83

    NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.

  • CVE-2023-34048KEVOct 25, 2023
    risk 0.19cvss epss 0.99

    vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

  • CVE-2023-20273KEVOct 24, 2023
    risk 0.22cvss epss 0.90

    A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending…

  • CVE-2023-5631KEVOct 18, 2023
    risk 0.18cvss epss 0.73

    Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

  • CVE-2023-45727KEVOct 18, 2023
    risk 0.14cvss epss 0.04

    Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted…

  • CVE-2023-20198KEVOct 16, 2023
    risk 0.23cvss epss 1.00

    Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two…

  • CVE-2023-36563KEVOct 10, 2023
    risk 0.12cvss epss 0.21

    Microsoft WordPad Information Disclosure Vulnerability

  • CVE-2023-36584KEVOct 10, 2023
    risk 0.13cvss epss 0.03

    Windows Mark of the Web Security Feature Bypass Vulnerability

  • CVE-2023-41763KEVOct 10, 2023
    risk 0.13cvss epss 0.90

    Skype for Business Elevation of Privilege Vulnerability

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-4966KEVOct 10, 2023
    risk 0.29cvss epss 1.00

    Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

  • CVE-2023-42824KEVOct 4, 2023
    risk 0.12cvss epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

  • CVE-2023-22515KEVOct 4, 2023
    risk 0.29cvss epss 0.99

    Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts…

  • CVE-2023-4911HigKEVOct 3, 2023
    risk 0.71cvss 7.8epss 0.81

    A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID…

  • CVE-2023-4211KEVOct 1, 2023
    risk 0.12cvss epss 0.01

    A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

  • CVE-2023-5217KEVSep 28, 2023
    risk 0.08cvss epss 0.34

    Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-20109KEVSep 27, 2023
    risk 0.12cvss epss 0.02

    A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an…

  • CVE-2023-40044KEVSep 27, 2023
    risk 0.29cvss epss 0.90

    In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.

  • CVE-2023-36851KEVSep 26, 2023
    risk 0.13cvss epss 0.01

    A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't…

  • CVE-2023-43770KEVSep 22, 2023
    risk 0.17cvss epss 0.58

    Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

  • CVE-2023-41993KEVSep 21, 2023
    risk 0.14cvss epss 0.29

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

  • CVE-2023-41992KEVSep 21, 2023
    risk 0.12cvss epss 0.03

    The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against…

  • CVE-2023-41991KEVSep 21, 2023
    risk 0.12cvss epss 0.05

    A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS…

  • CVE-2023-42793KEVSep 19, 2023
    risk 0.28cvss epss 1.00

    In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

  • CVE-2023-41179KEVSep 19, 2023
    risk 0.12cvss epss 0.05

    A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected…

  • CVE-2023-38205KEVSep 14, 2023
    risk 0.20cvss epss 1.00

    Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM…

  • CVE-2023-26369KEVSep 13, 2023
    risk 0.12cvss epss 0.07

    Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…

  • CVE-2023-36761KEVSep 12, 2023
    risk 0.12cvss epss 0.19

    Microsoft Word Information Disclosure Vulnerability

  • CVE-2023-36802KEVSep 12, 2023
    risk 0.18cvss epss 0.26

    Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

  • CVE-2023-4863KEVSep 12, 2023
    risk 0.13cvss epss 1.00

    Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2023-41990KEVSep 11, 2023
    risk 0.12cvss epss 0.01

    The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code…

  • CVE-2023-35674KEVSep 11, 2023
    risk 0.12cvss epss 0.02

    In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-39780KEVSep 11, 2023
    risk 0.16cvss epss 0.32

    On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see…

  • CVE-2023-41064KEVSep 7, 2023
    risk 0.19cvss epss 0.15

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to…

  • CVE-2023-41061KEVSep 7, 2023
    risk 0.12cvss epss 0.03

    A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

  • CVE-2023-20269KEVSep 6, 2023
    risk 0.18cvss epss 0.22

    A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and…

  • CVE-2023-4762KEVSep 5, 2023
    risk 0.16cvss epss 0.38

    Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-41265KEVAug 29, 2023
    risk 0.25cvss epss 0.85

    An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their…