Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43766 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2023-09-26 | 7.8 High |
| Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-43767 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2023-09-26 | 7.5 High |
| Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-43761 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2023-09-26 | 7.5 High |
| Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-43760 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2023-09-26 | 7.5 High |
| Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-5042 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2023-09-25 | 7.5 High |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. | ||||
| CVE-2023-41179 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2023-09-22 | 7.2 High |
| A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-42525 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-09-22 | 7.5 High |
| Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-42524 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-09-22 | 7.5 High |
| Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-42523 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-09-22 | 7.5 High |
| Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-42522 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-09-22 | 7.5 High |
| Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-42521 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-09-22 | 7.5 High |
| Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-42526 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-09-22 | 7.5 High |
| Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-43114 | 2 Microsoft, Qt | 2 Windows, Qt | 2023-09-22 | 5.5 Medium |
| An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. | ||||
| CVE-2023-42520 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-09-21 | 7.5 High |
| Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-1409 | 3 Apple, Microsoft, Mongodb | 3 Macos, Windows, Mongodb | 2023-09-21 | 7.5 High |
| If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. | ||||
| CVE-2022-35637 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-09-21 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. | ||||
| CVE-2022-22483 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-09-21 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. | ||||
| CVE-2020-24089 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2023-09-21 | 5.5 Medium |
| An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). | ||||
| CVE-2023-3280 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2023-09-19 | 5.5 Medium |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. | ||||
| CVE-2022-47632 | 2 Microsoft, Razer | 2 Windows, Synapse | 2023-09-18 | 6.8 Medium |
| Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. | ||||