Skip to main content
CVE-2023-42886 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42882 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40446 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42478 HIGH This Week

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2023-5379 HIGH This Week

A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jboss Enterprise Application Platform Single Sign On Undertow
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-50247 HIGH PATCH This Week

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service H2O
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-36010 HIGH PATCH This Week

Microsoft Defender Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Malware Protection Platform
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-36004 HIGH PATCH This Week

Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-35643 HIGH PATCH This Week

DHCP Server Service Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-35638 HIGH PATCH This Week

DHCP Server Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2023-35622 HIGH PATCH This Week

Windows DNS Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-35621 HIGH PATCH This Week

Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Dynamics 365
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2023-28465 HIGH PATCH This Week

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Hl7 Fhir Core
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-46285 HIGH PATCH This Week

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions <. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opcenter Quality Simatic Pcs Neo Sinumerik Integrate Runmyhmi Automotive Totally Integrated Automation Portal
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46284 HIGH PATCH This Week

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions <. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Opcenter Quality Simatic Pcs Neo Sinumerik Integrate Runmyhmi Automotive Totally Integrated Automation Portal
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46283 HIGH PATCH This Week

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions <. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Opcenter Quality Simatic Pcs Neo Sinumerik Integrate Runmyhmi Automotive Totally Integrated Automation Portal
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46156 HIGH This Week

Affected devices improperly handle specially crafted packets sent to port 102/tcp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Simatic Drive Controller Cpu 1504D Tf Firmware Simatic Drive Controller Cpu 1507D Tf Firmware +71
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-49713 HIGH This Week

Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gc A22W Cw Firmware Gc A24W C W Firmware Gc A26W C W Firmware Gc A24 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-49143 HIGH This Week

Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gc A22W Cw Firmware Gc A24W C W Firmware Gc A26W C W Firmware Gc A24 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-49140 HIGH This Week

Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gc A22W Cw Firmware Gc A24W C W Firmware Gc A26W C W Firmware Gc A24 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-41963 HIGH This Week

Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gc A22W Cw Firmware Gc A24W C W Firmware Gc A26W C W Firmware Gc A24 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-49607 HIGH This Week

Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-45847 HIGH This Week

Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36019 HIGH PATCH This Week

Microsoft Power Platform Connector Spoofing Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Azure Logic Apps Power Platform
NVD
CVSS 3.1
7.4
EPSS
16.2%
CVE-2023-36003 HIGH PATCH This Week

XAML Diagnostics Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
7.3
EPSS
2.8%
CVE-2023-35624 HIGH PATCH This Week

Azure Connected Machine Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Microsoft Azure Connected Machine Agent
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-49580 HIGH This Week

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Microsoft Graphical User Interface
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2023-48428 HIGH PATCH This Week

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Sinec Ins
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-6542 HIGH This Week

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Emarsys Sdk
NVD
CVSS 3.1
7.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy