Total
737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5766 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2023-12-10 | N/A | 9.8 CRITICAL |
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet. | |||||
CVE-2022-4146 | 4 Hitachi, Linux, Microsoft and 1 more | 4 Replication Manager, Linux Kernel, Windows and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. | |||||
CVE-2023-4601 | 2 Microsoft, Ni | 2 Windows, System Configuration | 2023-12-10 | N/A | 9.8 CRITICAL |
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions. | |||||
CVE-2023-32336 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | |||||
CVE-2023-27497 | 2 Microsoft, Sap | 2 Windows, Diagnostics Agent | 2023-12-10 | N/A | 9.8 CRITICAL |
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. | |||||
CVE-2022-47984 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | |||||
CVE-2023-30268 | 2 Cltphp, Microsoft | 2 Cltphp, Windows | 2023-12-10 | N/A | 9.8 CRITICAL |
CLTPHP <=6.0 is vulnerable to Improper Input Validation. | |||||
CVE-2022-4126 | 4 Abb, Apple, Linux and 1 more | 4 Rccmd, Macos, Linux Kernel and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207. | |||||
CVE-2023-32557 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 9.8 CRITICAL |
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | |||||
CVE-2023-35174 | 2 Livebook, Microsoft | 2 Livebook, Windows | 2023-12-10 | N/A | 9.8 CRITICAL |
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3. | |||||
CVE-2023-29542 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | |||||
CVE-2023-28347 | 2 Faronics, Microsoft | 2 Insight, Windows | 2023-12-10 | N/A | 9.6 CRITICAL |
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner. | |||||
CVE-2021-26642 | 2 Microsoft, Xpressengine | 2 Windows, Xpressengine | 2023-12-10 | N/A | 9.8 CRITICAL |
When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | |||||
CVE-2023-25143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 9.8 CRITICAL |
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | |||||
CVE-2023-23477 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2023-12-10 | N/A | 9.8 CRITICAL |
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | |||||
CVE-2022-3229 | 2 Microsoft, Unifiedremote | 2 Windows, Unified Remote | 2023-12-10 | N/A | 9.8 CRITICAL |
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | |||||
CVE-2022-41157 | 2 Microsoft, Webcash | 2 Windows, Serp Server 2.0 | 2023-12-10 | N/A | 9.8 CRITICAL |
A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. | |||||
CVE-2021-26644 | 2 Mangboard, Microsoft | 2 Mangboard Wp, Windows | 2023-12-10 | N/A | 9.8 CRITICAL |
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | |||||
CVE-2022-46764 | 2 Microsoft, Trueconf | 2 Windows, Server | 2023-12-10 | N/A | 9.8 CRITICAL |
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. | |||||
CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2023-12-10 | N/A | 9.8 CRITICAL |
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 |