CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27357
https://notcve.org/view.php?id=CVE-2024-27357
26 Jul 2024 — An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins. • https://www.withsecure.com/en/support/security-advisories/cve-2024-27357 • CWE-269: Improper Privilege Management •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4454 – WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4454
22 May 2024 — WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. • https://www.zerodayinitiative.com/advisories/ZDI-24-491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27359
https://notcve.org/view.php?id=CVE-2024-27359
25 Feb 2024 — Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-... • https://www.withsecure.com/en/support/security-advisories/cve-2034-n1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23764
https://notcve.org/view.php?id=CVE-2024-23764
08 Feb 2024 — Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later. Ciertos productos WithSecure permiten la escalada de privilegios locales. Esto afecta a WithSecure Client Security 15 y posteriores, WithSecure Server Security 15 y posteriores, WithSecure Email and Server Security 15 y posteriores, y WithSecure ... • https://www.withsecure.com/en/support/security-advisories • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-47172
https://notcve.org/view.php?id=CVE-2023-47172
20 Nov 2023 — Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later. Ciertos productos WithSecure permiten la escalada de privilegios locales. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15 y WithSecure Elements Endpoint Protection 17 y posteriores. • https://www.withsecure.com/en/support/security-advisories/cve-2023-47172 •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-47263
https://notcve.org/view.php?id=CVE-2023-47263
16 Nov 2023 — Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 an... • https://www.withsecure.com/en/support/security-advisories/cve-2023-47263 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-47264
https://notcve.org/view.php?id=CVE-2023-47264
16 Nov 2023 — Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure... • https://www.withsecure.com/en/support/security-advisories/cve-2023-47264 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2023-43762
https://notcve.org/view.php?id=CVE-2023-43762
22 Sep 2023 — Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. Ciertos productos WithSecure permiten la Ejecución Remota de Código No Autenticado a través del servidor web (backend). Esto afecta a WithSecure Policy Manager 15 y Policy Manager Proxy 15. • https://www.withsecure.com/en/support/security-advisories •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43763
https://notcve.org/view.php?id=CVE-2023-43763
22 Sep 2023 — Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux. Ciertos productos WithSecure permiten XSS a través de un parámetro no validado en endpoint. Esto afecta a WithSecure Policy Manager 15 en Windows y Linux. • https://www.withsecure.com/en/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-42520
https://notcve.org/view.php?id=CVE-2023-42520
18 Sep 2023 — Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. Ciertos productos WithSecur... • https://www.withsecure.com/en/support/security-advisories • CWE-400: Uncontrolled Resource Consumption •