Total
8212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29312 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-07-19 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-24491 | 2 Citrix, Microsoft | 2 Secure Access Client, Windows | 2023-07-19 | N/A | 7.8 HIGH |
| A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. | |||||
| CVE-2023-29315 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-07-19 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-29316 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-07-19 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-29318 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-07-19 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-29317 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-07-19 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-29319 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-07-19 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-36868 | 1 Microsoft | 2 Azure Service Fabric, Windows | 2023-07-19 | N/A | 6.5 MEDIUM |
| Azure Service Fabric on Windows Information Disclosure Vulnerability | |||||
| CVE-2023-25523 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-07-10 | N/A | 3.3 LOW |
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. | |||||
| CVE-2022-41261 | 2 Microsoft, Sap | 2 Windows, Solution Manager | 2023-07-10 | N/A | 5.5 MEDIUM |
| SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized. | |||||
| CVE-2023-28929 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus\+ Security 2021, Antivirus\+ Security 2022 and 10 more | 2023-07-07 | N/A | 7.8 HIGH |
| Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. | |||||
| CVE-2023-25515 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming, Geforce and 7 more | 2023-07-04 | N/A | 7.6 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. | |||||
| CVE-2022-23714 | 2 Elastic, Microsoft | 2 Endpoint Security, Windows | 2023-07-03 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | |||||
| CVE-2023-28071 | 2 Dell, Microsoft | 4 Alienware Update, Command Update, Update and 1 more | 2023-06-30 | N/A | 7.1 HIGH |
| Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). | |||||
| CVE-2023-28065 | 2 Dell, Microsoft | 4 Alienware Update, Command Update, Update and 1 more | 2023-06-30 | N/A | 7.3 HIGH |
| Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation. | |||||
| CVE-2023-32556 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-06-30 | N/A | 5.5 MEDIUM |
| A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-32555 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-06-30 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | |||||
| CVE-2023-32557 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-06-30 | N/A | 9.8 CRITICAL |
| A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | |||||
| CVE-2023-34144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-06-30 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | |||||
| CVE-2023-34145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-06-30 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. | |||||