Export limit exceeded: 348022 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25200 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25200 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22449 | 1 Intel | 311 Bios, Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware and 308 more | 2024-11-21 | 7.5 High |
| Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22439 | 1 Gallagher | 4 Command Centre, Controller 6000, Controller 6000 Firmware and 1 more | 2024-11-21 | 3.1 Low |
| Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | ||||
| CVE-2023-22359 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 4.3 Medium |
| User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | ||||
| CVE-2023-22337 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 7.5 High |
| Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2023-22272 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2024-11-21 | 7.5 High |
| Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-22239 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | 7.8 High |
| After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-22086 | 1 Oracle | 1 Weblogic Server | 2024-11-21 | 7.5 High |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2023-22019 | 1 Oracle | 1 Http Server | 2024-11-21 | 7.5 High |
| Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2023-21657 | 1 Qualcomm | 252 Csra6620, Csra6620 Firmware, Csra6640 and 249 more | 2024-11-21 | 7.8 High |
| Memoru corruption in Audio when ADSP sends input during record use case. | ||||
| CVE-2023-21656 | 1 Qualcomm | 256 Ar8035, Ar8035 Firmware, Csra6620 and 253 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN HOST while receiving an WMI event from firmware. | ||||
| CVE-2023-21647 | 1 Qualcomm | 86 Qca6390, Qca6390 Firmware, Qca6391 and 83 more | 2024-11-21 | 6.5 Medium |
| Information disclosure in Bluetooth when an GATT packet is received due to improper input validation. | ||||
| CVE-2023-21627 | 1 Qualcomm | 96 Aqt1000, Aqt1000 Firmware, Qca6390 and 93 more | 2024-11-21 | 6.7 Medium |
| Memory corruption in Trusted Execution Environment while calling service API with invalid address. | ||||
| CVE-2023-21624 | 1 Qualcomm | 134 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6800 and 131 more | 2024-11-21 | 6.2 Medium |
| Information disclosure in DSP Services while loading dynamic module. | ||||
| CVE-2023-21621 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 7.8 High |
| FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-21574 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 7.8 High |
| Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-21391 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21354 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21350 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21349 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21348 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||