Skip to main content
CVE-2023-28232 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Race Condition RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-28227 HIGH PATCH This Week

Windows Bluetooth Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2023-28217 HIGH PATCH This Week

Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-24931 HIGH PATCH This Week

Windows Secure Channel Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-24860 HIGH PATCH This Week

Microsoft Defender Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Malware Protection Engine
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-21769 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
91.5%
CVE-2023-28766 HIGH This Week

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >=. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Siprotec 5 6Md85 Firmware Siprotec 5 6Md86 Firmware Siprotec 5 6Md89 Firmware +36
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26588 HIGH PATCH This Week

Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Bs Gsl2024 Firmware Bs Gsl2016P Firmware Bs Gsl2016 Firmware Bs Gs2008 Firmware +12
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29054 HIGH This Week

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Siemens Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware Scalance X201 3P Irt Pro Firmware +10
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2023-23384 HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Sql Server
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-26293 HIGH PATCH This Week

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7),. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity.

RCE Path Traversal Tia Portal
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-25950 HIGH This Week

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Haproxy
NVD
CVSS 3.1
7.3
EPSS
2.9%
CVE-2023-22282 HIGH This Week

WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Wab Mat
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-28254 HIGH PATCH This Week

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows Server 2008 +4
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2023-27389 HIGH This Week

Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cps Mg341 Adsc1 111 Firmware Cps Mg341 Adsc1 931 Firmware Cps Mg341G Adsc1 111 Firmware Cps Mg341G Adsc1 930 Firmware +15
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-28224 HIGH PATCH This Week

Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-28222 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-28273 HIGH PATCH This Week

Windows Clip Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 20H2 +6
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-28221 HIGH PATCH This Week

Windows Error Reporting Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-28218 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Buffer Overflow Microsoft Heap Overflow Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.0
EPSS
12.3%
CVE-2023-28216 HIGH PATCH This Week

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-24914 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Windows 11 22h2
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-1989 HIGH PATCH This Week

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel +6
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-28270 MEDIUM PATCH This Month

Windows Lock Screen Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows 10 1809 Windows 10 20H2 Windows 10 21h2 +5
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-28269 MEDIUM PATCH This Month

Windows Boot Manager Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-28249 MEDIUM PATCH This Month

Windows Boot Manager Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-28235 MEDIUM PATCH This Month

Windows Lock Screen Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1809 Windows 10 20H2 Windows 10 21h2 +2
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-29187 MEDIUM This Month

A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Microsoft Sapsetup
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28308 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28307 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28306 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28305 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28278 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28256 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2023-28255 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2023-28223 MEDIUM PATCH This Month

Windows Domain Name Service Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +3
NVD
CVSS 3.1
6.6
EPSS
1.1%
CVE-2023-28312 MEDIUM PATCH This Month

Azure Machine Learning Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Authentication Bypass Azure Machine Learning
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-28267 MEDIUM PATCH This Month

Remote Desktop Protocol Client Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Remote Desktop Client Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2023-24883 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-1980 MEDIUM This Month

Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-27520 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lp 9200Ps2 Firmware Lp 9200Ps3 Firmware Lp 8200C Firmware Lp 9600 Firmware +116
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-29186 MEDIUM This Month

In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver
NVD
CVSS 3.1
6.5
EPSS
23.0%
CVE-2023-29185 MEDIUM This Month

SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28763 MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28761 MEDIUM This Month

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Enterprise Portal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28340 MEDIUM PATCH This Month

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Zoho Manageengine Applications Manager
NVD
CVSS 3.1
6.5
EPSS
3.2%
CVE-2023-26555 MEDIUM This Month

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
6.4
EPSS
0.5%
CVE-2023-23588 MEDIUM This Month

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Microsoft Simatic Ipc647D Firmware Simatic Ipc847D Firmware Simatic Ipc1047 Firmware +1
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-27897 MEDIUM This Month

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Code Injection Customer Relationship Management
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2023-28314 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
0.7%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy