CVE List - 2023 / November
Showing 1101 - 1200 of 2443 CVEs for November 2023 (Page 12 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-36399 | 2023-11-14 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2023-36398 | 2023-11-14 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2023-36397 | 2023-11-14 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| CVE-2023-36396 | 2023-11-14 | Windows Compressed Folder Remote Code Execution Vulnerability |
| CVE-2023-36395 | 2023-11-14 | Windows Deployment Services Denial of Service Vulnerability |
| CVE-2023-36394 | 2023-11-14 | Windows Search Service Elevation of Privilege Vulnerability |
| CVE-2023-36393 | 2023-11-14 | Windows User Interface Application Core Remote Code Execution Vulnerability |
| CVE-2023-36392 | 2023-11-14 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2023-36046 | 2023-11-14 | Windows Authentication Denial of Service Vulnerability |
| CVE-2023-36047 | 2023-11-14 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2023-36050 | 2023-11-14 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2023-36039 | 2023-11-14 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2023-36041 | 2023-11-14 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2023-36042 | 2023-11-14 | Visual Studio Denial of Service Vulnerability |
| CVE-2023-36045 | 2023-11-14 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2023-36037 | 2023-11-14 | Microsoft Excel Security Feature Bypass Vulnerability |
| CVE-2023-36035 | 2023-11-14 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2023-36028 | 2023-11-14 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability |
| CVE-2023-36030 | 2023-11-14 | Microsoft Dynamics 365 Sales Spoofing Vulnerability |
| CVE-2023-36031 | 2023-11-14 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-36033 | 2023-11-14 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2023-36021 | 2023-11-14 | Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability |
| CVE-2023-36025 | 2023-11-14 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2023-36016 | 2023-11-14 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-36018 | 2023-11-14 | Visual Studio Code Jupyter Extension Spoofing Vulnerability |
| CVE-2023-42783 | 2023-11-14 | A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary... |
| CVE-2023-41840 | 2023-11-14 | An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. |
| CVE-2023-36641 | 2023-11-14 | A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0... |
| CVE-2023-28002 | 2023-11-14 | An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow... |
| CVE-2023-36553 | 2023-11-14 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through... |
| CVE-2023-45582 | 2023-11-14 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a... |
| CVE-2023-41676 | 2023-11-14 | An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the... |
| CVE-2023-45585 | 2023-11-14 | An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below,... |
| CVE-2023-26205 | 2023-11-14 | An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate... |
| CVE-2023-44248 | 2023-11-14 | An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in... |
| CVE-2023-33304 | 2023-11-14 | A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. |
| CVE-2023-34991 | 2023-11-14 | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0... |
| CVE-2023-36633 | 2023-11-14 | An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of... |
| CVE-2023-29177 | 2023-11-14 | Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged... |
| CVE-2023-40719 | 2023-11-14 | A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the... |
| CVE-2023-25603 | 2023-11-14 | A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged... |
| CVE-2022-40681 | 2023-11-14 | An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending... |
| CVE-2023-32701 | 2023-11-14 | Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP) |
| CVE-2023-47658 | 2023-11-14 | WordPress Extra Product Options for WooCommerce Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47656 | 2023-11-14 | WordPress ANAC XML Bandi di Gara Plugin <= 7.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47654 | 2023-11-14 | WordPress BZScore – Live Score Plugin <= 1.03 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2021-46748 | 2023-11-14 | Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in... |
| CVE-2023-20567 | 2023-11-14 | Improper signature verification of Radeon™ RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to... |
| CVE-2023-20568 | 2023-11-14 | Improper signature verification of Radeon™ RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to... |
| CVE-2023-31320 | 2023-11-14 | Improper input validation in the AMD Radeon™ Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. |
| CVE-2021-46766 | 2023-11-14 | Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. |
| CVE-2021-46774 | 2023-11-14 | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. |
| CVE-2022-23820 | 2023-11-14 | Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. |
| CVE-2023-20521 | 2023-11-14 | TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a... |
| CVE-2023-20526 | 2023-11-14 | Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. |
| CVE-2023-20533 | 2023-11-14 | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. |
| CVE-2023-47653 | 2023-11-14 | WordPress TWB Woocommerce Reviews Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2021-26345 | 2023-11-14 | Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of... |
| CVE-2022-23830 | 2023-11-14 | SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. |
| CVE-2023-20519 | 2023-11-14 | A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of... |
| CVE-2023-20566 | 2023-11-14 | Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. |
| CVE-2023-20592 | 2023-11-14 | Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading... |
| CVE-2021-46758 | 2023-11-14 | Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential... |
| CVE-2022-23821 | 2023-11-14 | Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. |
| CVE-2023-20563 | 2023-11-14 | Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. |
| CVE-2023-20565 | 2023-11-14 | Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. |
| CVE-2023-20571 | 2023-11-14 | A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. |
| CVE-2023-20596 | 2023-11-14 | Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. |
| CVE-2023-39230 | 2023-11-14 | Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-32638 | 2023-11-14 | Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-34314 | 2023-11-14 | Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-34350 | 2023-11-14 | Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-29165 | 2023-11-14 | Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-27305 | 2023-11-14 | Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-25952 | 2023-11-14 | Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-42879 | 2023-11-14 | NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-25071 | 2023-11-14 | NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via... |
| CVE-2023-28401 | 2023-11-14 | Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2023-28404 | 2023-11-14 | Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local... |
| CVE-2023-23583 | 2023-11-14 | Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service... |
| CVE-2022-41689 | 2023-11-14 | Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-36860 | 2023-11-14 | Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. |
| CVE-2023-22337 | 2023-11-14 | Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2023-22285 | 2023-11-14 | Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2023-22292 | 2023-11-14 | Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-22290 | 2023-11-14 | Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. |
| CVE-2023-38131 | 2023-11-14 | Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. |
| CVE-2023-22448 | 2023-11-14 | Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access. |
| CVE-2023-22663 | 2023-11-14 | Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. |
| CVE-2023-39221 | 2023-11-14 | Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. |
| CVE-2023-39412 | 2023-11-14 | Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. |
| CVE-2023-38570 | 2023-11-14 | Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-39228 | 2023-11-14 | Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2023-39411 | 2023-11-14 | Improper input validation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2022-45109 | 2023-11-14 | Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-43666 | 2023-11-14 | Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-43477 | 2023-11-14 | Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-46299 | 2023-11-14 | Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-46647 | 2023-11-14 | Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-45469 | 2023-11-14 | Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. |