Uncategorized CVEs — 2023 (Page 23/24)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2023-01-23

Medium

CVE-2022-4485

The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contribu…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4475

The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4474

The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4467

The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4443

The BruteBank WordPress plugin before 1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

CVSS: 6.5CWE: N/A

Critical

CVE-2022-4383

The CBX Petition for WordPress plugin through 1.0.3 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading…

CVSS: 9.8CWE: N/A

Medium

CVE-2022-4346

The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.

CVSS: 5.3CWE: N/A

High

CVE-2022-4323

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable…

CVSS: 7.2CWE: N/A

Medium

CVE-2022-4307

The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered wh…

CVSS: 6.1CWE: N/A

Critical

CVE-2022-4305

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a…

CVSS: 9.8CWE: N/A

High

CVE-2022-4017

The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed C…

CVSS: 8.8CWE: N/A

Medium

CVE-2022-3811

The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scr…

CVSS: 4.8CWE: N/A

High

CVE-2022-3425

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable…

CVSS: 7.2CWE: N/A

Critical

CVE-2022-0316

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress…

CVSS: 9.8CWE: N/A

High

CVE-2021-24881

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by…

CVSS: 7.5CWE: N/A

Medium

CVE-2021-24837

The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

CVSS: 5.4CWE: N/A

High

CVE-2023-24068

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modificatio…

CVSS: 7.8CWE: N/A

2023-01-19

Medium

CVE-2023-0403

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actio…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-0402

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible…

CVSS: 5.4CWE: N/A

2023-01-18

Medium

CVE-2023-0385

The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro…

CVSS: 4.3CWE: N/A

Medium

CVE-2023-21900

Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged at…

CVSS: 4.0CWE: N/A

Medium

CVE-2023-21899

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnera…

CVSS: 5.5CWE: N/A

Medium

CVE-2023-21898

CVSS: 5.5CWE: N/A

Medium

CVE-2023-21892

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-21891

CVSS: 5.4CWE: N/A

Low

CVE-2023-21889

CVSS: 3.8CWE: N/A

Medium

CVE-2023-21888

Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-21887

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9CWE: N/A

Low

CVE-2023-21885

CVSS: 3.8CWE: N/A

Medium

CVE-2023-21884

CVSS: 4.4CWE: N/A

Medium

CVE-2023-21883

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high priv…

CVSS: 4.9CWE: N/A

Low

CVE-2023-21882

CVSS: 2.7CWE: N/A

Medium

CVE-2023-21881

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21880

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged atta…

CVSS: 5.5CWE: N/A

Medium

CVE-2023-21879

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21878

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21877

CVSS: 5.5CWE: N/A

Medium

CVE-2023-21876

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21875

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability all…

CVSS: 5.9CWE: N/A

Low

CVE-2023-21874

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high…

CVSS: 2.7CWE: N/A

Medium

CVE-2023-21873

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21872

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high priv…

CVSS: 5.5CWE: N/A

Medium

CVE-2023-21871

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21870

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21869

CVSS: 5.5CWE: N/A

Medium

CVE-2023-21868

CVSS: 6.5CWE: N/A

Medium

CVE-2023-21867

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21866

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high priv…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21865

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high priv…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21864

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21863

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21861

CVSS: 5.4CWE: N/A

Medium

CVE-2023-21859

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerabi…

CVSS: 4.4CWE: N/A

High

CVE-2023-21858

Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: Installation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerabi…

CVSS: 7.5CWE: N/A

Medium

CVE-2023-21847

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Download). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-21845

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). The supported version that is affected is 8.60. Easily exploitable vulnerability al…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-21844

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerabi…

CVSS: 5.4CWE: N/A

Low

CVE-2023-21843

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.…

CVSS: 3.7CWE: N/A

Medium

CVE-2023-21840

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21836

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-21835

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1;…

CVSS: 5.3CWE: N/A

Medium

CVE-2023-21834

Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workflow, Approval, Work Force Management). Supported versions that are affected are 12.2.3-12…

CVSS: 4.3CWE: N/A

Medium

CVE-2023-21831

Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). The supported version that is affected is 9.2. Easily exploitable vulnera…

CVSS: 5.3CWE: N/A

Medium

CVE-2023-21830

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-per…

CVSS: 5.3CWE: N/A

Medium

CVE-2023-21829

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged…

CVSS: 6.3CWE: N/A

Medium

CVE-2023-21827

Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged…

CVSS: 4.3CWE: N/A

High

CVE-2023-21826

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily expl…

CVSS: 7.6CWE: N/A

Medium

CVE-2023-21825

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Supplier Management). Supported versions that are affected are 12.2.6-12.2.8. Easily exploitable vulnerabi…

CVSS: 5.3CWE: N/A

Medium

CVE-2023-21824

Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are aff…

CVSS: 4.4CWE: N/A

Medium

CVE-2022-39429

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create…

CVSS: 4.3CWE: N/A

2023-01-16

Medium

CVE-2022-4658

The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scrip…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4655

The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cro…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4653

The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scrip…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4648

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low a…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4578

The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a r…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4571

The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a ro…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4549

The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

CVSS: 4.3CWE: N/A

Medium

CVE-2022-4544

The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contri…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4508

The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a co…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4507

The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as lo…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4487

The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as c…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4486

The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as co…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4484

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4483

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as con…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4482

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow use…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4481

The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as l…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4478

The Font Awesome WordPress plugin before 4.3.2 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4477

The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4476

The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4469

The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low a…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4465

The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low a…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4464

Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4460

The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a ro…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4451

The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4449

The Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low a…

CVSS: 5.4CWE: N/A

Critical

CVE-2022-4447

The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL…

CVSS: 9.8CWE: N/A

Medium

CVE-2022-4442

The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored…

CVSS: 4.8CWE: N/A

Medium

CVE-2022-4431

The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contribu…

CVSS: 5.4CWE: N/A

Medium

CVE-2022-4320

The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be…

CVSS: 6.1CWE: N/A

Low

CVE-2022-4309

The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CS…

CVSS: 3.1CWE: N/A

Medium

CVE-2022-4299

The Metricool WordPress plugin before 1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even…

CVSS: 4.8CWE: N/A

Medium

CVE-2022-4295

The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used aga…

CVSS: 6.1CWE: N/A

Medium

CVE-2022-4199

The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…

CVSS: 4.8CWE: N/A

Critical

CVE-2022-4101

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbi…

CVSS: 9.1CWE: N/A

Critical

CVE-2022-4060

The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.

CVSS: 9.8CWE: N/A

Medium

CVE-2022-2658

The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilt…

CVSS: 4.8CWE: N/A

2023-01-13

Medium

CVE-2023-0295

The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization…

CVSS: 5.5CWE: N/A

High

CVE-2023-0294

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation o…

CVSS: 8.8CWE: N/A

Medium

CVE-2023-0293

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This m…

CVSS: 4.3CWE: N/A

2023-01-12

High

CVE-2023-0254

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user sup…

CVSS: 7.2CWE: N/A

Medium

CVE-2022-4342

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A m…

CVSS: 5.5CWE: N/A

2023-01-10

High

CVE-2023-21788

3D Builder Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

Low

CVE-2023-21759

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

CVSS: 3.3CWE: N/A

High

CVE-2023-21748

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2023-21746

Windows NTLM Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2023-21676

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A

Medium

CVE-2023-21563

BitLocker Security Feature Bypass Vulnerability

CVSS: 6.8CWE: N/A

High

CVE-2023-21541

Windows Task Scheduler Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

Medium

CVE-2023-21525

Remote Procedure Call Runtime Denial of Service Vulnerability

CVSS: 5.3CWE: N/A

Medium

CVE-2023-0140

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium s…

CVSS: 6.5CWE: N/A