Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7521 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-3279 | 3 Microsoft, Netapp, Oracle | 7 Windows, Oncommand Insight, Oncommand Unified Manager and 4 more | 2024-10-02 | 4.9 Medium |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2018-3280 | 3 Microsoft, Netapp, Oracle | 7 Windows, Oncommand Insight, Oncommand Unified Manager and 4 more | 2024-10-02 | 4.9 Medium |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2018-3283 | 5 Canonical, Microsoft, Netapp and 2 more | 9 Ubuntu Linux, Windows, Oncommand Insight and 6 more | 2024-10-02 | N/A |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2018-3285 | 3 Microsoft, Netapp, Oracle | 7 Windows, Oncommand Insight, Oncommand Unified Manager and 4 more | 2024-10-02 | 4.9 Medium |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2018-3286 | 3 Microsoft, Netapp, Oracle | 7 Windows, Oncommand Insight, Oncommand Unified Manager and 4 more | 2024-10-02 | 4.3 Medium |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | ||||
CVE-2023-1409 | 3 Apple, Microsoft, Mongodb | 3 Macos, Windows, Mongodb | 2024-10-02 | 5.3 Medium |
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. | ||||
CVE-2023-26512 | 4 Apache, Apple, Linux and 1 more | 4 Eventmesh, Macos, Linux Kernel and 1 more | 2024-10-02 | 9.8 Critical |
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible. | ||||
CVE-2019-2502 | 4 Microsoft, Netapp, Oracle and 1 more | 8 Windows, Oncommand Insight, Oncommand Unified Manager and 5 more | 2024-10-02 | 4.9 Medium |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2023-40370 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2024-10-02 | 3.7 Low |
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. | ||||
CVE-2024-8996 | 2 Grafana, Microsoft | 3 Agent, Agent Flow Windows, Windows | 2024-10-01 | 7.3 High |
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2 | ||||
CVE-2023-2737 | 2 Microsoft, Thalesgroup | 2 Windows, Safenet Authentication Service | 2024-10-01 | 5.7 Medium |
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | ||||
CVE-2022-46868 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2024-10-01 | 7.8 High |
Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173. | ||||
CVE-2023-41743 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2024-10-01 | 7.8 High |
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979. | ||||
CVE-2023-31173 | 3 Microsoft, Schweitzer Engineering Laboratories, Selinc | 3 Windows, Sel-5033 Acselerator Rtac Software, Sel-5037 Sel Grid Configurator | 2024-10-01 | 7.7 High |
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | ||||
CVE-2023-34391 | 3 Microsoft, Schweitzer Engineering Laboratories, Selinc | 3 Windows, Sel-5033 Acselerator Rtac Software, Sel-5033 Acselerator Real-time Automation Controller | 2024-10-01 | 7.4 High |
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000. | ||||
CVE-2023-41746 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-10-01 | 9.8 Critical |
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | ||||
CVE-2023-41748 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-10-01 | 9.8 Critical |
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | ||||
CVE-2022-46869 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2024-10-01 | 7.8 High |
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278. | ||||
CVE-2023-41751 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-10-01 | 5.5 Medium |
Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047. | ||||
CVE-2023-38732 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2024-10-01 | 4.3 Medium |
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. |