
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2023-47063 - Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in...
    Published: December 13, 2023; 5:15:08 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-47074 - Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could lev...
    Published: December 13, 2023; 5:15:08 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-47075 - Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...
    Published: December 13, 2023; 5:15:09 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-47076 - Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context ...
    Published: December 13, 2023; 5:15:09 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-47077 - Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ...
    Published: December 13, 2023; 5:15:09 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-46456 - In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
    Published: December 12, 2023; 10:15:07 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-1049 - A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied ac...
    Published: March 25, 2022; 3:15:10 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2023-36391 - Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
    Published: December 12, 2023; 1:15:22 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-36020 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
    Published: December 12, 2023; 1:15:22 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-35638 - DHCP Server Service Denial of Service Vulnerability
    Published: December 12, 2023; 1:15:19 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-35625 - Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
    Published: December 12, 2023; 1:15:17 PM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2023-35622 - Windows DNS Spoofing Vulnerability
    Published: December 12, 2023; 1:15:17 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-35624 - Azure Connected Machine Agent Elevation of Privilege Vulnerability
    Published: December 12, 2023; 1:15:17 PM -0500

    V3.1: 7.3 HIGH

  • CVE-2023-49274 - Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8....
    Published: December 12, 2023; 3:15:07 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2023-43364 - main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
    Published: December 12, 2023; 1:15:22 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-49089 - Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expect...
    Published: December 12, 2023; 2:15:07 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2023-48313 - Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or applica...
    Published: December 12, 2023; 1:15:22 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-49140 - Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
    Published: December 12, 2023; 5:15:10 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-35628 - Windows MSHTML Platform Remote Code Execution Vulnerability
    Published: December 12, 2023; 1:15:17 PM -0500

    V3.1: 8.1 HIGH

  • CVE-2023-35629 - Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability
    Published: December 12, 2023; 1:15:17 PM -0500

    V3.1: 6.8 MEDIUM