Skip to main content
CVE-2023-39206 HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings Rooms Video Software Development Kit +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39204 HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings Rooms Video Software Development Kit +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39203 HIGH This Week

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-36038 HIGH PATCH This Week

ASP.NET Core Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Visual Studio 2022 Asp Net Core
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2023-39228 HIGH This Week

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Authentication Bypass Unison Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-32279 HIGH This Week

Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel Authentication Bypass Connectivity Performance Suite
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31320 HIGH This Week

Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Denial Of Service Radeon Software Radeon Rx Vega 56 Firmware Radeon Rx Vega 64 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-31203 HIGH This Week

Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Openvino Model Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22337 HIGH This Week

Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Unison Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22285 HIGH This Week

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Authentication Bypass Unison Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20566 HIGH This Week

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epyc 7763 Firmware Epyc 7713P Firmware Epyc 7713 Firmware Epyc 7663P Firmware +61
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20533 HIGH This Week

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epyc 7232P Firmware Epyc 7252 Firmware Epyc 7262 Firmware Epyc 7272 Firmware +81
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42783 HIGH This Week

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortiwlm
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-36395 HIGH PATCH This Week

Windows Deployment Services Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-36392 HIGH PATCH This Week

DHCP Server Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-45684 HIGH This Week

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cfengine
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46601 HIGH This Week

A vulnerability has been identified in COMOS (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Comos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46590 HIGH PATCH This Week

A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Siemens Siemens Opc Ua Modeling Editor
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-43503 HIGH This Week

A vulnerability has been identified in COMOS (All versions < V10.4.4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Comos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33874 HIGH PATCH This Week

Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Microsoft Hid Event Filter Driver
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-32660 HIGH PATCH This Week

Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Thunderbolt 3 Controller Firmware
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-32658 HIGH PATCH This Week

Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Hdmi Firmware
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-32655 HIGH PATCH This Week

Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Microsoft Usb Type C Power Delivery Controller
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-32278 HIGH PATCH This Week

Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Nuc Uniwill Service Driver
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-29165 HIGH This Week

Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Iris Xe Graphics Arc A Graphics
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-45582 HIGH This Week

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimail
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2023-45626 HIGH This Week

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Arubaos Instantos
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-45625 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2023-22448 HIGH This Week

Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Unison Software
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-36401 HIGH PATCH This Week

Microsoft Remote Registry Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2023-47517 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SendPress Newsletters sendpress allows DOM-Based XSS.23.11.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-47550 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy - Smart Donations allows Stored XSS.0.12. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Donations Made Easy Smart Donations
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-47630 HIGH PATCH This Week

Kyverno is a policy engine designed for Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Kubernetes Kyverno
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-32701 HIGH This Week

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-36399 HIGH PATCH This Week

Windows Storage Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 11 21H2 Windows 11 22h2 Windows 11 23h2 +1
NVD
CVSS 3.1
7.1
EPSS
8.3%
CVE-2023-36046 HIGH PATCH This Week

Windows Authentication Denial of Service Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 11 21H2 Windows 11 22h2 Windows 11 23h2 +1
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-44374 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 4.0
7.1
EPSS
0.7%
CVE-2023-36427 HIGH PATCH This Week

Windows Hyper-V Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
7.0
EPSS
1.5%
CVE-2023-36405 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-36403 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-36394 HIGH PATCH This Week

Windows Search Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +6
NVD
CVSS 3.1
7.0
EPSS
6.7%
CVE-2023-44319 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2023-44318 MEDIUM This Month

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware 6Gk5205 3Bd00 2Ab2 Firmware +67
NVD
CVSS 4.0
6.9
EPSS
0.7%
CVE-2023-27383 MEDIUM PATCH This Month

Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Advisor Inspector Mpi Library +2
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-38177 MEDIUM PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.8
EPSS
3.4%
CVE-2023-46446 MEDIUM PATCH This Month

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Asyncssh
NVD GitHub
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-34431 MEDIUM PATCH This Month

Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Server Board M70Klp2Sb Firmware Server System M70Klp4S2Uhh Firmware Server Board M20Ntp2Sb Firmware +30
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32662 MEDIUM This Month

Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Battery Life Diagnostic Tool
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-29177 MEDIUM This Month

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Fortiadc Fortiddos F
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20568 MEDIUM This Month

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Microsoft Radeon Rx Vega M Firmware Radeon Software +4
NVD
CVSS 3.1
6.7
EPSS
0.2%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy