U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
There are 5,795 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2024-20711

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 10, 2024; 8:15:49 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-20710

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 10, 2024; 8:15:48 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-0310

A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration.

Published: January 10, 2024; 6:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2024-0206

A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files

Published: January 09, 2024; 9:15:46 AM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-47145

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

Published: January 07, 2024; 2:15:08 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.

Published: January 02, 2024; 1:15:13 AM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-45702

An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..

Published: December 28, 2023; 3:15:35 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-38927

IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.

Published: December 24, 2023; 10:15:07 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-7047

Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.

Published: December 21, 2023; 10:15:14 AM -0500
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-29487

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module.

Published: December 20, 2023; 8:15:32 PM -0500
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2023-29486

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component.

Published: December 20, 2023; 8:15:32 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-29485

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module.

Published: December 20, 2023; 8:15:32 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-47707

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522.

Published: December 19, 2023; 9:15:44 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-47705

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228.

Published: December 19, 2023; 9:15:44 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-47703

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197.

Published: December 19, 2023; 9:15:44 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-47702

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.

Published: December 19, 2023; 9:15:43 PM -0500
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2023-47706

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.

Published: December 19, 2023; 8:15:07 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-47704

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.

Published: December 19, 2023; 8:15:07 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-46804

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).

Published: December 19, 2023; 11:15:12 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-46803

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).

Published: December 19, 2023; 11:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)