Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22941 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-02-23 | N/A | 7.5 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) crashes the Splunk daemon (splunkd). | |||||
| CVE-2023-21717 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-02-23 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-21718 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 7.8 HIGH |
| Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-22940 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-02-23 | N/A | 5.7 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. | |||||
| CVE-2023-21720 | 1 Microsoft | 1 Edge Chromium | 2023-02-23 | N/A | 5.3 MEDIUM |
| Microsoft Edge (Chromium-based) Tampering Vulnerability | |||||
| CVE-2023-21706 | 1 Microsoft | 1 Exchange Server | 2023-02-23 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21705 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 8.8 HIGH |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21528 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 7.8 HIGH |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-22939 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-02-23 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search [bypass SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | |||||
| CVE-2023-21713 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 8.8 HIGH |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21716 | 1 Microsoft | 8 Office, Office Long Term Servicing Channel, Office Online Server and 5 more | 2023-02-23 | N/A | 9.8 CRITICAL |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2023-21822 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2023-21819 | 1 Microsoft | 7 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 4 more | 2023-02-23 | N/A | 7.5 HIGH |
| Windows Secure Channel Denial of Service Vulnerability | |||||
| CVE-2023-21820 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.4 HIGH |
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | |||||
| CVE-2023-21818 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2023-02-23 | N/A | 7.5 HIGH |
| Windows Secure Channel Denial of Service Vulnerability | |||||
| CVE-2023-21817 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.8 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||
| CVE-2023-21813 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.5 HIGH |
| Windows Secure Channel Denial of Service Vulnerability | |||||
| CVE-2023-22938 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-02-23 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. | |||||
| CVE-2023-21816 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.5 HIGH |
| Windows Active Directory Domain Services API Denial of Service Vulnerability | |||||
| CVE-2023-21812 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||