Filtered by vendor Microsoft Subscriptions
Filtered by product Windows Subscriptions
Total 7521 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-46869 2 Acronis, Microsoft 2 Cyber Protect Home Office, Windows 2024-10-01 7.8 High
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.
CVE-2023-41751 2 Acronis, Microsoft 2 Agent, Windows 2024-10-01 5.5 Medium
Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.
CVE-2023-38732 3 Ibm, Microsoft, Redhat 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more 2024-10-01 4.3 Medium
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.
CVE-2023-38733 3 Ibm, Microsoft, Redhat 3 Robotic Process Automation, Windows, Openshift 2024-10-01 4.3 Medium
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.
CVE-2023-4593 2 Microsoft, Seattlelab 2 Windows, Slmail 2024-10-01 6.5 Medium
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.
CVE-2023-40185 2 Microsoft, Shescape Project 2 Windows, Shescape 2024-09-30 6.5 Medium
shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.
CVE-2023-1995 6 Hitachi, Hp, Ibm and 3 more 8 Hirdb Server, Hirdb Server With Additional Function, Hirdb Structured Data Access Facility and 5 more 2024-09-30 5.3 Medium
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W , before 09-66-/Q ; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
CVE-2022-43845 3 Ibm, Linux, Microsoft 3 Aspera Console, Linux Kernel, Windows 2024-09-30 3.7 Low
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
CVE-2021-38963 3 Ibm, Linux, Microsoft 3 Aspera Console, Linux Kernel, Windows 2024-09-30 8 High
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-31167 2 Microsoft, Selinc 2 Windows, Sel-5036 Acselerator Bay Screen Builder 2024-09-27 5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.
CVE-2023-41742 4 Acronis, Apple, Linux and 1 more 5 Agent, Cyber Protect, Macos and 2 more 2024-09-27 7.5 High
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
CVE-2023-41745 4 Acronis, Apple, Linux and 1 more 5 Agent, Cyber Protect, Macos and 2 more 2024-09-27 5.5 Medium
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
CVE-2023-47152 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-09-27 5.9 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
CVE-2023-28956 2 Ibm, Microsoft 2 Spectrum Protect Backup-archive Client, Windows 2024-09-27 8.4 High
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.
CVE-2023-41747 2 Acronis, Microsoft 2 Cloud Manager, Windows 2024-09-26 6.5 Medium
Sensitive information disclosure due to unauthenticated path traversal. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.
CVE-2023-32162 2 Microsoft, Wacom 3 Windows, Driver, Drivers For Windows 2024-09-26 7.8 High
Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318.
CVE-2023-41749 2 Acronis, Microsoft 3 Agent, Cyber Protect, Windows 2024-09-26 7.5 High
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979.
CVE-2023-32163 2 Microsoft, Wacom 3 Windows, Driver, Drivers For Windows 2024-09-26 7.8 High
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.
CVE-2023-41750 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2024-09-26 5.5 Medium
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.
CVE-2023-4688 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2024-09-26 5.5 Medium
Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.