Export limit exceeded: 366885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19854 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12261 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21964 | 1 Microsoft | 2 Windows 10, Windows 10 1607 | 2025-01-02 | 5.5 Medium |
| Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | ||||
| CVE-2023-35642 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-01-01 | 6.5 Medium |
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | ||||
| CVE-2023-35641 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-01-01 | 8.8 High |
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35352 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2025-01-01 | 7.5 High |
| Windows Remote Desktop Security Feature Bypass Vulnerability | ||||
| CVE-2023-29355 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2025-01-01 | 5.3 Medium |
| DHCP Server Service Information Disclosure Vulnerability | ||||
| CVE-2023-23409 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 5.5 Medium |
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | ||||
| CVE-2023-23401 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-01-01 | 7.8 High |
| Windows Media Remote Code Execution Vulnerability | ||||
| CVE-2023-24922 | 1 Microsoft | 1 Dynamics 365 | 2025-01-01 | 6.5 Medium |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
| CVE-2023-23394 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 5.5 Medium |
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | ||||
| CVE-2023-23388 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-01-01 | 8.8 High |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-21714 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-01-01 | 5.5 Medium |
| Microsoft Office Information Disclosure Vulnerability | ||||
| CVE-2023-21687 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 2 more | 2025-01-01 | 5.5 Medium |
| HTTP.sys Information Disclosure Vulnerability | ||||
| CVE-2023-21536 | 1 Microsoft | 13 Windows 10 1809, Windows 10 20h2, Windows 10 20h2 and 10 more | 2025-01-01 | 4.7 Medium |
| Event Tracing for Windows Information Disclosure Vulnerability | ||||
| CVE-2023-21736 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-01-01 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2024-43487 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-12-31 | 6.5 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
| CVE-2023-32465 | 1 Dell | 1 Powerprotect Cyber Recovery | 2024-12-30 | 8.8 High |
| Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker. | ||||
| CVE-2023-2820 | 1 Proofpoint | 1 Threat Response Auto Pull | 2024-12-27 | 6.1 Medium |
| An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. | ||||
| CVE-2024-0101 | 1 Nvidia | 13 Mellanox Os Firmware, Metro-3 Xc Firmware, Metrox-2 Firmware and 10 more | 2024-12-26 | 7.5 High |
| NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2024-12667 | 1 Invoiceplane | 1 Invoiceplane | 2024-12-19 | 3.7 Low |
| A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2024-25619 | 1 Joinmastodon | 1 Mastodon | 2024-12-18 | 3.1 Low |
| Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue listening to streaming after the application had been destroyed. Essentially this comes down to the fact that when Doorkeeper sets up the relationship between Applications and Access Tokens, it uses a `dependent: delete_all` configuration, which means the `after_commit` callback setup on `AccessTokenExtension` didn't actually fire, since `delete_all` doesn't trigger ActiveRecord callbacks. To mitigate, we need to add a `before_destroy` callback to `ApplicationExtension` which announces to streaming that all the Application's Access Tokens are being "killed". Impact should be negligible given the affected application had to be owned by the user. None the less this issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workaround for this vulnerability. | ||||