Total
1245 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36705 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-36568 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.0 HIGH |
| Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | |||||
| CVE-2023-36399 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
| Windows Storage Elevation of Privilege Vulnerability | |||||
| CVE-2023-36394 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2024-11-21 | N/A | 7.0 HIGH |
| Windows Search Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-36391 | 1 Microsoft | 1 Windows 11 23h2 | 2024-11-21 | N/A | 7.8 HIGH |
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-36047 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Authentication Elevation of Privilege Vulnerability | |||||
| CVE-2023-36046 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
| Windows Authentication Denial of Service Vulnerability | |||||
| CVE-2023-35624 | 1 Microsoft | 1 Azure Connected Machine Agent | 2024-11-21 | N/A | 7.3 HIGH |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||
| CVE-2023-35379 | 1 Microsoft | 1 Windows Server 2008 | 2024-11-21 | N/A | 7.8 HIGH |
| Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | |||||
| CVE-2023-35353 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | |||||
| CVE-2023-35347 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2024-11-21 | N/A | 7.1 HIGH |
| Microsoft Install Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-35342 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Image Acquisition Elevation of Privilege Vulnerability | |||||
| CVE-2023-35320 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | |||||
| CVE-2023-34723 | 1 Jaycar | 2 La5570, La5570 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. | |||||
| CVE-2023-32556 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 5.5 MEDIUM |
| A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-32474 | 1 Dell | 1 Display Manager | 2024-11-21 | N/A | 6.6 MEDIUM |
| Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion | |||||
| CVE-2023-32454 | 1 Dell | 1 Update Package Framework | 2024-11-21 | N/A | 6.3 MEDIUM |
| DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | |||||
| CVE-2023-32182 | 2 Opensuse, Suse | 3 Leap, Linux Enterprise High Performance Computing, Suse Linux Enterprise Desktop | 2024-11-21 | N/A | 5.9 MEDIUM |
| A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. | |||||
| CVE-2023-32179 | 2024-11-21 | N/A | 7.8 HIGH | ||
| VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the FPQuarTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-19397. | |||||
| CVE-2023-32178 | 2024-11-21 | N/A | 7.8 HIGH | ||
| VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TelFileTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-19396. | |||||