Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): windows server
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-47152 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. Published: January 22, 2024; 3:15:46 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-50308 |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. Published: January 22, 2024; 2:15:09 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-47746 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. Published: January 22, 2024; 2:15:08 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-45193 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. Published: January 22, 2024; 2:15:08 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-23331 |
Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers. Published: January 19, 2024; 3:15:14 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6457 |
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04. Published: January 15, 2024; 8:15:34 PM -0500 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2023-31036 |
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Published: January 12, 2024; 12:15:09 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-21316 |
Windows Server Key Distribution Service Security Feature Bypass Published: January 09, 2024; 1:15:55 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-51438 |
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. Published: January 09, 2024; 5:15:21 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-47145 |
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. Published: January 07, 2024; 2:15:08 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-41151 |
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. Published: December 14, 2023; 2:15:16 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-36005 |
Windows Telephony Server Elevation of Privilege Vulnerability Published: December 12, 2023; 1:15:21 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2023-43742 |
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful. Published: December 07, 2023; 8:15:07 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-40687 |
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. Published: December 03, 2023; 9:15:07 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-38727 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. Published: December 03, 2023; 9:15:06 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-29258 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. Published: December 03, 2023; 9:15:06 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-47701 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. Published: December 03, 2023; 8:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-46167 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. Published: December 03, 2023; 8:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-38003 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214. Published: December 03, 2023; 8:15:08 PM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-40692 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807. Published: December 03, 2023; 7:15:07 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |