Total
1003 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35305 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35304 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35302 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-34299 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17910. | |||||
| CVE-2023-34289 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17985. | |||||
| CVE-2023-33152 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | N/A | 7.0 HIGH |
| Microsoft ActiveX Remote Code Execution Vulnerability | |||||
| CVE-2023-33146 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2023-33133 | 1 Microsoft | 4 365 Apps, Excel, Office Long Term Servicing Channel and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2023-32461 | 1 Dell | 104 Emc Xc Core Xc450, Emc Xc Core Xc450 Firmware, Emc Xc Core Xc650 and 101 more | 2024-11-21 | N/A | 5.0 MEDIUM |
| Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. | |||||
| CVE-2023-32157 | 2024-11-21 | N/A | 4.6 MEDIUM | ||
| Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the bsa_server process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of an unprivileged user in a sandboxed process. . Was ZDI-CAN-20737. | |||||
| CVE-2023-32138 | 2024-11-21 | N/A | 7.5 HIGH | ||
| D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18416. | |||||
| CVE-2023-32083 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2024-11-21 | N/A | 6.5 MEDIUM |
| Microsoft Failover Cluster Information Disclosure Vulnerability | |||||
| CVE-2023-32047 | 1 Microsoft | 1 Paint 3d | 2024-11-21 | N/A | 7.8 HIGH |
| Paint 3D Remote Code Execution Vulnerability | |||||
| CVE-2023-32028 | 1 Microsoft | 2 Ole Db Driver For Sql Server, Sql Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft SQL OLE DB Remote Code Execution Vulnerability | |||||
| CVE-2023-32027 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-32026 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-32025 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-2763 | 1 3ds | 1 3dexperience Solidworks | 2024-11-21 | N/A | 7.8 HIGH |
| Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file. | |||||
| CVE-2023-29344 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2023-29341 | 1 Microsoft | 1 Av1 Video Extension | 2024-11-21 | N/A | 7.8 HIGH |
| AV1 Video Extension Remote Code Execution Vulnerability | |||||