Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-38213 |
Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: August 09, 2023; 5:15:14 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-38212 |
Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: August 09, 2023; 5:15:14 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-38211 |
Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: August 09, 2023; 5:15:13 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20562 |
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. Published: August 08, 2023; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20561 |
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. Published: August 08, 2023; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-20556 |
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. Published: August 08, 2023; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-32783 |
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour." Published: August 07, 2023; 1:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-39143 |
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). Published: August 04, 2023; 1:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-32764 |
Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. Published: August 03, 2023; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-4136 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. Published: August 03, 2023; 11:15:34 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-36858 |
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Published: August 02, 2023; 12:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-4054 |
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. Published: August 01, 2023; 12:15:09 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-2313 |
Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High) Published: July 28, 2023; 8:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-26077 |
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. Published: July 24, 2023; 2:15:23 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-26078 |
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. Published: July 24, 2023; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-35077 |
An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above. Published: July 21, 2023; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-25841 |
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities. Published: July 21, 2023; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-25840 |
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this attack are high. Published: July 21, 2023; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 3.4 LOW V2.0:(not available) |
CVE-2021-39822 |
Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. Published: July 20, 2023; 3:15:09 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-25839 |
There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. Published: July 19, 2023; 12:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.0 HIGH V2.0:(not available) |