Lucene search

K

Email And Server Security Security Vulnerabilities

cve
cve

CVE-2024-23764

Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and...

6.7CVSS

6.5AI Score

0.0004EPSS

2024-02-08 07:15 PM
12
cve
cve

CVE-2023-49321

Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17...

5.3CVSS

5.2AI Score

0.0005EPSS

2023-11-27 12:15 AM
11
cve
cve

CVE-2023-49322

Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-11-27 12:15 AM
14
cve
cve

CVE-2023-47172

Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-11-20 09:15 PM
8
cve
cve

CVE-2023-47263

Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure....

7.5CVSS

7.4AI Score

0.0005EPSS

2023-11-16 03:15 AM
15
cve
cve

CVE-2023-47264

Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-11-16 03:15 AM
9
cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2905
In Wild
cve
cve

CVE-2023-43766

Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for.....

7.8CVSS

7.8AI Score

0.0004EPSS

2023-09-22 05:15 AM
19
cve
cve

CVE-2023-43767

Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-22 05:15 AM
19
cve
cve

CVE-2023-43761

Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements.....

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-22 05:15 AM
13
cve
cve

CVE-2023-43760

Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-09-22 05:15 AM
20
cve
cve

CVE-2023-43765

Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-22 05:15 AM
18
cve
cve

CVE-2023-42525

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-09-18 07:15 AM
12
cve
cve

CVE-2023-42524

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-09-18 07:15 AM
12
cve
cve

CVE-2023-42521

Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-18 07:15 AM
15
cve
cve

CVE-2023-42522

Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later,...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-09-18 07:15 AM
13
cve
cve

CVE-2023-42523

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for....

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-18 07:15 AM
14
cve
cve

CVE-2023-42526

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client....

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-18 06:15 AM
15
cve
cve

CVE-2023-42520

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-18 06:15 AM
13
cve
cve

CVE-2012-4581

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions...

6.9AI Score

0.004EPSS

2022-10-03 04:15 PM
17
cve
cve

CVE-2013-7369

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure...

8.7AI Score

0.001EPSS

2022-10-03 04:14 PM
17
cve
cve

CVE-2022-20664

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...

7.7CVSS

7.5AI Score

0.001EPSS

2022-06-15 06:15 PM
97
6
cve
cve

CVE-2021-44750

An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any...

7.3CVSS

7.5AI Score

0.0004EPSS

2022-03-10 05:44 PM
35
cve
cve

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...

5.9CVSS

7.5AI Score

0.966EPSS

2021-12-18 12:15 PM
752
In Wild
4
cve
cve

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message....

10CVSS

9.8AI Score

0.976EPSS

2021-12-10 10:15 AM
3635
In Wild
399
cve
cve

CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as...

7.4CVSS

7.4AI Score

0.002EPSS

2021-03-25 03:15 PM
445
73
cve
cve

CVE-2020-9342

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet...

5.5CVSS

5.5AI Score

0.001EPSS

2020-02-22 11:15 PM
86
cve
cve

CVE-2016-5309

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for...

5.5CVSS

5.1AI Score

0.004EPSS

2017-04-14 06:59 PM
31
20
cve
cve

CVE-2016-5310

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for...

5.5CVSS

5.1AI Score

0.006EPSS

2017-04-14 06:59 PM
26
16
cve
cve

CVE-2016-1411

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More...

5.9CVSS

5.8AI Score

0.001EPSS

2016-12-14 12:59 AM
25
cve
cve

CVE-2016-4025

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email...

5.5CVSS

5.2AI Score

0.0004EPSS

2016-11-03 10:59 AM
16
cve
cve

CVE-2009-1348

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an...

6.7AI Score

0.007EPSS

2009-04-30 08:30 PM
24