Export limit exceeded: 23403 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23403 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6006 | 2 Microsoft, Papercut | 3 Windows, Papercut Mf, Papercut Ng | 2025-01-08 | 7.8 High |
| This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archiving must be enabled or the attacker needs to encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM Note: This CVE has been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server. | ||||
| CVE-2024-25693 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2025-01-08 | 9.9 Critical |
| There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. | ||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | 7.8 High |
| When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | ||||
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | 7.8 High |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | ||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | 7.8 High |
| A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | ||||
| CVE-2022-31693 | 2 Microsoft, Vmware | 2 Windows, Tools | 2025-01-07 | 5.5 Medium |
| VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. | ||||
| CVE-2024-37980 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-01-07 | 8.8 High |
| Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
| CVE-2024-43474 | 1 Microsoft | 3 Sql Server, Sql Server 2017, Sql Server 2019 | 2025-01-07 | 7.6 High |
| Microsoft SQL Server Information Disclosure Vulnerability | ||||
| CVE-2024-45073 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Websphere Application Server and 4 more | 2025-01-07 | 4.8 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-34367 | 1 Microsoft | 1 Windows 7 | 2025-01-06 | 6.5 Medium |
| Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue. | ||||
| CVE-2019-16283 | 2 Hp, Microsoft | 2 Softpaq Installer, Windows | 2025-01-06 | 7.8 High |
| A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. | ||||
| CVE-2024-12108 | 2 Microsoft, Progress | 2 Windows, Whatsup Gold | 2025-01-06 | 9.6 Critical |
| In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | ||||
| CVE-2022-41083 | 1 Microsoft | 1 Jupyter | 2025-01-02 | 7.8 High |
| Visual Studio Code Elevation of Privilege Vulnerability | ||||
| CVE-2022-41081 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-01-02 | 8.1 High |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||
| CVE-2022-41064 | 1 Microsoft | 13 .net, .net Framework, Nuget and 10 more | 2025-01-02 | 5.8 Medium |
| .NET Framework Information Disclosure Vulnerability | ||||
| CVE-2022-41043 | 1 Microsoft | 2 Office, Office Long Term Servicing Channel | 2025-01-02 | 3.3 Low |
| Microsoft Office Information Disclosure Vulnerability | ||||
| CVE-2022-41042 | 1 Microsoft | 1 Visual Studio Code | 2025-01-02 | 7.4 High |
| Visual Studio Code Information Disclosure Vulnerability | ||||
| CVE-2022-41038 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-01-02 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-41037 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-01-02 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-41036 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-01-02 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||