The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2023-47063 - Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in... read CVE-2023-47063
Published: December 13, 2023; 5:15:08 AM -0500V3.1: 7.8 HIGH
-
CVE-2023-47074 - Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could lev... read CVE-2023-47074
Published: December 13, 2023; 5:15:08 AM -0500V3.1: 7.8 HIGH
-
CVE-2023-47075 - Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact... read CVE-2023-47075
Published: December 13, 2023; 5:15:09 AM -0500V3.1: 7.8 HIGH
-
CVE-2023-47076 - Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context ... read CVE-2023-47076
Published: December 13, 2023; 5:15:09 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2023-47077 - Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ... read CVE-2023-47077
Published: December 13, 2023; 5:15:09 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2023-46456 - In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
Published: December 12, 2023; 10:15:07 AM -0500V3.1: 9.8 CRITICAL
-
CVE-2022-1049 - A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied ac... read CVE-2022-1049
Published: March 25, 2022; 3:15:10 PM -0400V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
-
CVE-2023-36391 - Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Published: December 12, 2023; 1:15:22 PM -0500V3.1: 7.8 HIGH
-
CVE-2023-36020 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Published: December 12, 2023; 1:15:22 PM -0500V3.1: 5.4 MEDIUM
-
CVE-2023-35638 - DHCP Server Service Denial of Service Vulnerability
Published: December 12, 2023; 1:15:19 PM -0500V3.1: 7.5 HIGH
-
CVE-2023-35625 - Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
Published: December 12, 2023; 1:15:17 PM -0500V3.1: 4.7 MEDIUM
-
CVE-2023-35622 - Windows DNS Spoofing Vulnerability
Published: December 12, 2023; 1:15:17 PM -0500V3.1: 7.5 HIGH
-
CVE-2023-35624 - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Published: December 12, 2023; 1:15:17 PM -0500V3.1: 7.3 HIGH
-
CVE-2023-49274 - Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.... read CVE-2023-49274
Published: December 12, 2023; 3:15:07 PM -0500V3.1: 5.3 MEDIUM
-
CVE-2023-43364 - main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
Published: December 12, 2023; 1:15:22 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2023-49089 - Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expect... read CVE-2023-49089
Published: December 12, 2023; 2:15:07 PM -0500V3.1: 6.5 MEDIUM
-
CVE-2023-48313 - Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or applica... read CVE-2023-48313
Published: December 12, 2023; 1:15:22 PM -0500V3.1: 6.1 MEDIUM
-
CVE-2023-49140 - Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Published: December 12, 2023; 5:15:10 AM -0500V3.1: 7.5 HIGH
-
CVE-2023-35628 - Windows MSHTML Platform Remote Code Execution Vulnerability
Published: December 12, 2023; 1:15:17 PM -0500V3.1: 8.1 HIGH
-
CVE-2023-35629 - Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability
Published: December 12, 2023; 1:15:17 PM -0500V3.1: 6.8 MEDIUM
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.