Skip to main content
CVE-2023-36596 HIGH PATCH This Week

Remote Procedure Call Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1809 Windows 10 21H1 Windows 10 22h2 +6
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-36585 HIGH PATCH This Week

Windows upnphost.dll Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1809 Windows 10 21H1 +8
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-36581 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-36579 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-36567 HIGH PATCH This Week

Windows Deployment Services Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1809 Windows 10 21H1 +8
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-36438 HIGH PATCH This Week

Windows TCP/IP Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-36435 HIGH PATCH This Week

Microsoft QUIC Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Net Windows 11 21H2 Windows 11 22h2 +1
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2023-36431 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-29348 HIGH PATCH This Week

Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-40718 HIGH This Week

A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios Ips Engine
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-37935 HIGH This Week

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5499 HIGH This Week

Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Reachfar Gps Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41085 HIGH This Week

When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +15
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40542 HIGH This Week

When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +15
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40534 HIGH This Week

When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +16
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42189 HIGH This Week

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mini Smart Wi Fi Plug Firmware Lightstrip Firmware Led Strip Firmware Hub2 Firmware +5
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40310 HIGH This Week

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-45226 HIGH This Week

The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Big Ip Next Service Proxy For Kubernetes
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-36593 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36592 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36591 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-36590 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36589 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36583 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 +11
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36582 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36578 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36575 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36574 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36573 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36572 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36571 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36570 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36561 HIGH PATCH This Week

Azure DevOps Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Azure Devops Server
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2023-36789 HIGH PATCH This Week

Skype for Business Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Skype For Business Server
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2023-36786 HIGH PATCH This Week

Skype for Business Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Skype For Business Server
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2023-36780 HIGH PATCH This Week

Skype for Business Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Skype For Business Server
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2023-42768 HIGH This Week

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +15
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-41838 HIGH This Week

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortianalyzer Fortimanager
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-36565 HIGH PATCH This Week

Microsoft Office Graphics Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft Information Disclosure Office +1
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-38159 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +7
NVD
CVSS 3.1
7.0
EPSS
5.6%
CVE-2023-36902 HIGH PATCH This Week

Windows Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1607 +8
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2023-36776 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.0
EPSS
2.4%
CVE-2023-36721 HIGH PATCH This Week

Windows Error Reporting Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-36568 HIGH PATCH This Week

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-37194 MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Simatic Cp 1604 Firmware Simatic Cp 1616 Firmware Simatic Cp 1623 Firmware +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-36717 MEDIUM PATCH This Month

Windows Virtual Trusted Platform Module Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +7
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36706 MEDIUM PATCH This Month

Windows Deployment Services Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-36566 MEDIUM PATCH This Month

Microsoft Common Data Model SDK Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Common Data Model Sdk
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-36564 MEDIUM PATCH This Month

Windows Search Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-36433 MEDIUM PATCH This Month

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
1.9%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy