CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-43761
https://notcve.org/view.php?id=CVE-2023-43761
Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. Ciertos productos WithSecure permiten la Denegación de Servicio (bucle infinito). Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. • https://www.withsecure.com/en/support/security-advisories https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-43765
https://notcve.org/view.php?id=CVE-2023-43765
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. Ciertos productos WithSecure permiten la Denegación de Servicio en el componente aeelf. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. • https://www.withsecure.com/en/support/security-advisories https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2 •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-43767
https://notcve.org/view.php?id=CVE-2023-43767
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. Ciertos productos WithSecure permiten la Denegación de Servicio a través del controlador de descompresión del archivo aepack. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. • https://www.withsecure.com/en/support/security-advisories https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5042
https://notcve.org/view.php?id=CVE-2023-5042
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. Divulgación de información sensible debido a permisos de carpetas inseguros. Los siguientes productos se ven afectados: Acronis Cyber ??Protect Home Office (Windows) anterior a la compilación 40713. • https://security-advisory.acronis.com/advisories/SEC-5330 • CWE-276: Incorrect Default Permissions •
CVSS: 7.2EPSS: 1%CPEs: 5EXPL: 0CVE-2023-41179 – Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41179
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. Una vulnerabilidad en el módulo de desinstalación AV de terceros contenido en Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security y Worry-Free Business Security Services podría permitir a un atacante manipular el módulo para ejecutar comandos arbitrarios afectando la instalación. Tenga en cuenta que un atacante primero debe obtener acceso a la consola administrativa en el sistema de destino para poder aprovechar esta vulnerabilidad. Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. • https://jvn.jp/en/vu/JVNVU90967486 https://success.trendmicro.com/jp/solution/000294706 https://success.trendmicro.com/solution/000294994 • CWE-94: Improper Control of Generation of Code ('Code Injection') •