1850 matches found
CVE-2023-49322
Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 a...
WithSecure products Security breaches
WithSecure products are a range of security software from the Finnish company WithSecure. A security vulnerability exists in some WithSecure products. An attacker could exploit the vulnerability to cause a denial of service on the system. The following products and versions are affected: WithSecu...
CVE-2023-49321
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 a...
PT-2023-31167 · Withsecure · Withsecure Linux Protection +7
Name of the Vulnerable Software and Affected Versions: WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure...
PT-2023-30775 · Unknown · Capsule-Proxy
Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.4.6 Description: The issue is a privilege escalation vulnerability based on a missing check if the user is authenticated based on the TokenReview result. This affects clusters running with the anonymous-auth...
Directory traversal
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybeserveexport function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read t...
CVE-2023-47172
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later...
Privilege escalation
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later...
WithSecure products Security breaches
WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure products that originates from a local elevation of privilege that allows an attacker with administrator privileges to corrupt kernel memory. Affected products and...
PT-2023-30341 · Withsecure · Withsecure Elements Endpoint Protection +3
Name of the Vulnerable Software and Affected Versions: WithSecure Client Security versions 15 WithSecure Server Security versions 15 WithSecure Email and Server Security versions 15 WithSecure Elements Endpoint Protection versions 17 and later Description: The issue allows for Local Privilege...
CVE-2023-47172
CVE-2023-47172 affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17+. Described as a Local Privilege Escalation vulnerability. According to NVD, attack vector is LOCAL, complexity LOW, privile...
Design/Logic Flaw
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature...
CVE-2023-6038
CVE-2023-6038 describes a Local File Inclusion in the h2o-3 REST API (ImportFiles and ParseSetup endpoints). An unauthenticated attacker can read arbitrary files on the server with the h2o-3 process’s user permissions. Affected version identified in sources is 3.40.0.4. The issue is severity high...
CVE-2023-6016
CVE-2023-6016 affects H2O Dashboard via POJO model import, enabling remote code execution on a server hosting the dashboard. The vulnerability is described as a high-severity, network-exploitable issue with no user interaction required, per the NVD metrics (CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I...
CVE-2023-47264
Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service DoS. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and late...
CVE-2023-47263
Certain WithSecure products allow a Denial of Service DoS in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure...
CVE-2023-47263
Certain WithSecure products allow a Denial of Service DoS in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure...
CVE-2023-47264
Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service DoS. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and late...
PT-2023-30399 · Withsecure · Withsecure Linux Protection +7
Name of the Vulnerable Software and Affected Versions: WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure...
Remote code execution
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server...