Search Results
- Keyword (text search): cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-20712 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: January 10, 2024; 8:15:49 AM -0500 | V3.1: 5.5 MEDIUM V2.0: (not available) |
CVE-2024-20711 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: January 10, 2024; 8:15:49 AM -0500 | V3.1: 5.5 MEDIUM V2.0: (not available) |
CVE-2024-20710 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: January 10, 2024; 8:15:48 AM -0500 | V3.1: 5.5 MEDIUM V2.0: (not available) |
CVE-2024-0310 | A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. Published: January 10, 2024; 6:15:10 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2024-0206 | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files. Published: January 09, 2024; 9:15:46 AM -0500 | V3.1: 7.8 HIGH V2.0: (not available) |
CVE-2023-47145 | IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. Published: January 07, 2024; 2:15:08 PM -0500 | V3.1: 7.8 HIGH V2.0: (not available) |
CVE-2023-47039 | A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. Published: January 02, 2024; 1:15:13 AM -0500 | V3.1: 7.8 HIGH V2.0: (not available) |
CVE-2023-45702 | An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. Published: December 28, 2023; 3:15:35 AM -0500 | V3.1: 5.5 MEDIUM V2.0: (not available) |
CVE-2021-38927 | IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322. Published: December 24, 2023; 10:15:07 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-7047 | Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. Published: December 21, 2023; 10:15:14 AM -0500 | V3.1: 4.4 MEDIUM V2.0: (not available) |
CVE-2023-29487 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. Published: December 20, 2023; 8:15:32 PM -0500 | V3.1: 9.1 CRITICAL V2.0: (not available) |
CVE-2023-29486 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. Published: December 20, 2023; 8:15:32 PM -0500 | V3.1: 9.8 CRITICAL V2.0: (not available) |
CVE-2023-29485 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. Published: December 20, 2023; 8:15:32 PM -0500 | V3.1: 9.8 CRITICAL V2.0: (not available) |
CVE-2023-47707 | IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522. Published: December 19, 2023; 9:15:44 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-47705 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228. Published: December 19, 2023; 9:15:44 PM -0500 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-47703 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. Published: December 19, 2023; 9:15:44 PM -0500 | V3.1: 5.3 MEDIUM V2.0: (not available) |
CVE-2023-47702 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196. Published: December 19, 2023; 9:15:43 PM -0500 | V3.1: 9.1 CRITICAL V2.0: (not available) |
CVE-2023-47706 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. Published: December 19, 2023; 8:15:07 PM -0500 | V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2023-47704 | IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. Published: December 19, 2023; 8:15:07 PM -0500 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2023-46804 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). Published: December 19, 2023; 11:15:12 AM -0500 | V3.1: 7.5 HIGH V2.0: (not available) |