CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 501–550 of 1,619 in KEV · page 11 of 33
| ID | Title | Summary |
|---|---|---|
| CVE-2023-33107 | Qualcomm Multiple Chipsets Integer Overflow Vulnerability · KEV · Qualcomm | Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region du… |
| CVE-2023-33106 | Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability · KEV · Qualcomm | Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of syn… |
| CVE-2023-33063 | Qualcomm Multiple Chipsets Use-After-Free Vulnerability · KEV · Qualcomm | Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. |
| CVE-2023-33010 | Zyxel Multiple Firewalls Buffer Overflow Vulnerability · KEV · Zyxel | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that cou… |
| CVE-2023-33009 | Zyxel Multiple Firewalls Buffer Overflow Vulnerability · KEV · Zyxel | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that coul… |
| CVE-2023-32439 | Apple Multiple Products WebKit Type Confusion Vulnerability · KEV · Apple | Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content… |
| CVE-2023-32435 | Apple Multiple Products WebKit Memory Corruption Vulnerability · KEV · Apple | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web cont… |
| CVE-2023-32434 | Apple Multiple Products Integer Overflow Vulnerability · KEV · Apple | Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. |
| CVE-2023-32409 | Apple Multiple Products WebKit Sandbox Escape Vulnerability · KEV · Apple | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Conten… |
| CVE-2023-32373 | Apple Multiple Products WebKit Use-After-Free Vulnerability · KEV · Apple | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously craf… |
| CVE-2023-32315 | Ignite Realtime Openfire Path Traversal Vulnerability · KEV · Ignite Realtime | Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Conso… |
| CVE-2023-32049 | Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability · KEV · Microsoft | Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prom… |
| CVE-2023-32046 | Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-3079 | Google Chromium V8 Type Confusion Vulnerability · KEV · Google | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2023-29552 | Service Location Protocol (SLP) Denial-of-Service Vulnerability · KEV · IETF | The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services … |
| CVE-2023-29492 | Novi Survey Insecure Deserialization Vulnerability · KEV · Novi Survey | Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. |
| CVE-2023-29360 | Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability · KEV · Microsoft | Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYS… |
| CVE-2023-29357 | Microsoft SharePoint Server Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication … |
| CVE-2023-29336 | Microsoft Win32K Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. |
| CVE-2023-29300 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability · KEV · Adobe | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. |
| CVE-2023-29298 | Adobe ColdFusion Improper Access Control Vulnerability · KEV · Adobe | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. |
| CVE-2023-28771 | Zyxel Multiple Firewalls OS Command Injection Vulnerability · KEV · Zyxel | Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS comman… |
| CVE-2023-2868 | Barracuda Networks ESG Appliance Improper Input Validation Vulnerability · KEV · Barracuda Networks | Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command in… |
| CVE-2023-28461 | Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability · KEV · Array Networks | Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute… |
| CVE-2023-28434 | MinIO Security Feature Bypass Vulnerability · KEV · MinIO | MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an objec… |
| CVE-2023-28432 | MinIO Information Disclosure Vulnerability · KEV · MinIO | MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure. |
| CVE-2023-28252 | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-28229 | Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limi… |
| CVE-2023-28206 | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability · KEV · Apple | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. |
| CVE-2023-28205 | Apple Multiple Products WebKit Use-After-Free Vulnerability · KEV · Apple | Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content… |
| CVE-2023-28204 | Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability · KEV · Apple | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing … |
| CVE-2023-27997 | Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability · KEV · Fortinet | Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code … |
| CVE-2023-27992 | Zyxel Multiple NAS Devices Command Injection Vulnerability · KEV · Zyxel | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker… |
| CVE-2023-27532 | Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability · KEV · Veeam | Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user op… |
| CVE-2023-27524 | Apache Superset Insecure Default Initialization of Resource Vulnerability · KEV · Apache | Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resourc… |
| CVE-2023-27351 | PaperCut NG/MF Improper Authentication Vulnerability · KEV · PaperCut | PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the S… |
| CVE-2023-27350 | PaperCut MF/NG Improper Access Control Vulnerability · KEV · PaperCut | PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the co… |
| CVE-2023-26369 | Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability · KEV · Adobe | Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability · KEV · Adobe | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution. |
| CVE-2023-26359 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability · KEV · Adobe | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. |
| CVE-2023-26083 | Arm Mali GPU Kernel Driver Information Disclosure Vulnerability · KEV · Arm | Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expo… |
| CVE-2023-25717 | CVE-2023-25717 · KEV · CVSS 9.8 · ruckuswireless | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=adm… |
| CVE-2023-2533 | PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability · KEV · PaperCut | PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter secu… |
| CVE-2023-25280 | D-Link DIR-820 Router OS Command Injection Vulnerability · KEV · D-Link | D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafte… |
| CVE-2023-24955 | Microsoft SharePoint Server Code Injection Vulnerability · KEV · Microsoft | Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. |
| CVE-2023-24880 | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability · KEV · Microsoft | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a spec… |
| CVE-2023-24489 | Citrix Content Collaboration ShareFile Improper Access Control Vulnerability · KEV · Citrix | Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-man… |
| CVE-2023-23752 | CVE-2023-23752 · KEV · CVSS 5.3 · joomla | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. |
| CVE-2023-23529 | CVE-2023-23529 · KEV · CVSS 8.8 · apple | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.… |
| CVE-2023-23397 | Microsoft Office Outlook Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. |