Skip to main content
CVE-2023-29371 HIGH PATCH This Week

Windows GDI Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
5.8%
CVE-2023-29370 HIGH PATCH This Week

Windows Media Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +9
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-29367 HIGH PATCH This Week

iSCSI Target WMI Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-29366 HIGH PATCH This Week

Windows Geolocation Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-29365 HIGH PATCH This Week

Windows Media Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-29359 HIGH PATCH This Week

GDI Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-29358 HIGH PATCH This Week

Windows GDI Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2023-29346 HIGH PATCH This Week

NTFS Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-32022 HIGH PATCH This Week

Windows Server Service Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.6
EPSS
0.8%
CVE-2023-32030 HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Framework
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-29331 HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Framework Net
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-24936 HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Net Framework Net
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-3040 HIGH PATCH This Week

A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Lua Resty Json
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3036 HIGH PATCH This Week

An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cfnts
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-34396 HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.5.30, through 6.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Struts
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2023-33933 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.0.0 through 9.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-30631 HIGH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-32011 HIGH PATCH This Week

Windows iSCSI Discovery Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-33135 HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-33130 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Server
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2023-33128 HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Net Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-33126 HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Net Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-2976 HIGH PATCH This Week

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Google Path Traversal Microsoft Java Information Disclosure +1
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-29337 HIGH PATCH This Week

NuGet Client Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

RCE Nuget
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2023-32021 HIGH PATCH This Week

Windows SMB Witness Service Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2023-21565 HIGH PATCH This Week

Azure DevOps Server Spoofing Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Devops Server
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-32010 HIGH PATCH This Week

Windows Bus Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 11 22h2
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-29368 HIGH PATCH This Week

Windows Filtering Platform Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-29364 HIGH PATCH This Week

Windows Authentication Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-29361 HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 21h2 +4
NVD
CVSS 3.1
7.0
EPSS
3.9%
CVE-2023-2820 MEDIUM This Month

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Threat Response Auto Pull
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-33144 MEDIUM PATCH This Month

Visual Studio Code Spoofing Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
6.6
EPSS
1.3%
CVE-2023-35149 MEDIUM This Month

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Digital Ai App Management Publisher
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35148 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Digital Ai App Management Publisher
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35147 MEDIUM This Month

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Aws Codecommit Trigger
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-34149 MEDIUM PATCH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.5.30, through 6.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Struts
NVD
CVSS 3.1
6.5
EPSS
5.4%
CVE-2023-24937 MEDIUM PATCH This Month

Windows CryptoAPI Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2023-33142 MEDIUM PATCH This Month

Microsoft SharePoint Server Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-33129 MEDIUM PATCH This Month

Microsoft SharePoint Server Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Microsoft Denial Of Service Heap Overflow Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-32032 MEDIUM PATCH This Month

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5).

Information Disclosure Net Visual Studio 2022
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-29369 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-29352 MEDIUM This Month

Windows Remote Desktop Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Client Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-24938 MEDIUM PATCH This Month

Windows CryptoAPI Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-33132 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Server
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-32020 MEDIUM PATCH This Month

Windows DNS Spoofing Vulnerability. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
5.6
EPSS
0.7%
CVE-2023-0837 MEDIUM This Month

An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Authentication Bypass Remote
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33139 MEDIUM PATCH This Month

Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Visual Studio Visual Studio 2017 Visual Studio 2019 +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-32016 MEDIUM PATCH This Month

Windows Installer Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-29353 MEDIUM PATCH This Month

Sysinternals Process Monitor for Windows Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Sysinternals Sysinternals Process Monitor
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-21569 MEDIUM PATCH This Month

Azure DevOps Server Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Azure Devops Server
NVD
CVSS 3.1
5.5
EPSS
0.7%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy