Skip to main content
CVE-2023-21700 HIGH PATCH This Week

Windows iSCSI Discovery Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21691 HIGH PATCH This Week

Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-25567 HIGH PATCH This Week

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Gss Ntlmssp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25566 HIGH PATCH This Week

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Gss Ntlmssp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25565 HIGH PATCH This Week

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Gss Ntlmssp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25563 HIGH PATCH This Week

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Gss Ntlmssp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22941 HIGH This Week

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service Splunk Cloud Platform
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25576 HIGH PATCH This Week

@fastify/multipart is a Fastify plugin to parse the multipart content-type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Fastify Multipart
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-25141 HIGH PATCH This Week

Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Sling Jcr Base
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-23835 HIGH This Week

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mendix
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21820 HIGH PATCH This Week

Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.

Buffer Overflow RCE Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2023-22743 HIGH PATCH This Week

Git for Windows is the Windows port of the revision control system Git. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Microsoft Git For Windows
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2023-21715 HIGH KEV PATCH THREAT This Week

Microsoft Publisher Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass 365 Apps
NVD
CVSS 3.1
7.3
EPSS
12.1%
CVE-2023-21568 HIGH PATCH This Week

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sql Server 2019 Integration Services Sql Server 2022 Integration Services
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-21710 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
7.2
EPSS
7.9%
CVE-2023-21703 HIGH PATCH This Week

Azure Data Box Gateway Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Azure Data Box Gateway Azure Stack Edge
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-21564 HIGH PATCH This Week

Azure DevOps Server Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Devops Server
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-0020 HIGH This Week

SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.1
EPSS
0.5%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy