Windows Kernel Security Vulnerabilities


CVE-2022-34707

Windows Kernel Elevation of Privilege...

7.8CVSS

8.4AI Score

0.001EPSS

2022-08-09 08:15 PM
128
5

CVE-2022-30197

Windows Kernel Information Disclosure...

5.5CVSS

6.8AI Score

0.0004EPSS

2022-08-09 08:15 PM
110
2

CVE-2022-31656

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to...

9.8CVSS

9.1AI Score

0.641EPSS

2022-08-05 04:15 PM
264
11

CVE-2022-31665

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code...

7.2CVSS

8.5AI Score

0.002EPSS

2022-08-05 04:15 PM
117
4

CVE-2022-31661

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to...

7.8CVSS

8.7AI Score

0.0004EPSS

2022-08-05 04:15 PM
87
4

CVE-2022-31658

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code...

7.2CVSS

8.5AI Score

0.002EPSS

2022-08-05 04:15 PM
126
4

CVE-2022-31664

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to...

7.8CVSS

8.7AI Score

0.0004EPSS

2022-08-05 04:15 PM
96
4

CVE-2022-31662

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary...

7.5CVSS

8.4AI Score

0.001EPSS

2022-08-05 04:15 PM
52
3

CVE-2022-31660

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to...

7.8CVSS

8.6AI Score

0.001EPSS

2022-08-05 04:15 PM
59
4

CVE-2022-31659

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code...

7.2CVSS

8.5AI Score

0.002EPSS

2022-08-05 04:15 PM
132
4

CVE-2022-31657

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary...

9.8CVSS

9.2AI Score

0.002EPSS

2022-08-05 04:15 PM
55
3

CVE-2022-31663

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's...

6.1CVSS

7.1AI Score

0.001EPSS

2022-08-05 04:15 PM
71
5

CVE-2022-30532

In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus...

5.3CVSS

5.3AI Score

0.001EPSS

2022-07-19 07:15 AM
32
6

CVE-2022-22473

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID:...

5.3CVSS

5.1AI Score

0.001EPSS

2022-07-14 05:15 PM
55
2

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS

5.2AI Score

0.001EPSS

2022-07-14 05:15 PM
43
2

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID:...

4.3CVSS

4.5AI Score

0.001EPSS

2022-07-14 05:15 PM
36
3

CVE-2021-39019

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID:...

6.5CVSS

6AI Score

0.001EPSS

2022-07-14 05:15 PM
18
4

CVE-2021-39017

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID:...

6.5CVSS

6.3AI Score

0.001EPSS

2022-07-14 05:15 PM
38
2

CVE-2021-39016

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID:...

4.3CVSS

4.5AI Score

0.001EPSS

2022-07-14 05:15 PM
40
2

CVE-2021-39028

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site...

5.4CVSS

5.2AI Score

0.001EPSS

2022-07-14 05:15 PM
34
4

CVE-2022-22477

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

6.1CVSS

5.8AI Score

0.001EPSS

2022-07-14 05:15 PM
39
4

CVE-2022-21845

Windows Kernel Information Disclosure...

4.7CVSS

5.2AI Score

0.001EPSS

2022-07-12 11:15 PM
133
9

CVE-2022-22373

An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID:...

5.4CVSS

5.2AI Score

0.001EPSS

2022-07-01 06:15 PM
54
9

CVE-2022-22478

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID:...

5.5CVSS

5AI Score

0.0004EPSS

2022-06-30 05:15 PM
58
6

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID:...

6.5CVSS

6.2AI Score

0.001EPSS

2022-06-30 05:15 PM
54
5

CVE-2022-22487

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain...

9.8CVSS

9.1AI Score

0.002EPSS

2022-06-30 05:15 PM
52
5

CVE-2022-22494

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID:...

5.3CVSS

5.2AI Score

0.001EPSS

2022-06-30 05:15 PM
43
6

CVE-2021-38954

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID:...

4.3CVSS

4.2AI Score

0.001EPSS

2022-06-30 05:15 PM
36
4

CVE-2021-38871

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4CVSS

5.2AI Score

0.001EPSS

2022-06-24 05:15 PM
33
8

CVE-2021-29865

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...

5.4CVSS

5.4AI Score

0.001EPSS

2022-06-24 05:15 PM
30
7

CVE-2021-20543

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID:...

5.4CVSS

5.6AI Score

0.001EPSS

2022-06-24 05:15 PM
38
3

CVE-2021-20544

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID:...

4.3CVSS

4.4AI Score

0.001EPSS

2022-06-24 05:15 PM
38
4

CVE-2021-42056

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high...

6.7CVSS

6.7AI Score

0.0004EPSS

2022-06-24 05:15 PM
44
8

CVE-2021-20551

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...

3.3CVSS

3.4AI Score

0.0004EPSS

2022-06-24 05:15 PM
30
7

CVE-2022-22389

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID:...

6.5CVSS

6.4AI Score

0.001EPSS

2022-06-24 05:15 PM
82
6

CVE-2021-38879

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID:...

5.3CVSS

4.9AI Score

0.001EPSS

2022-06-24 05:15 PM
33
9

CVE-2022-22390

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID:...

7.5CVSS

7AI Score

0.001EPSS

2022-06-24 05:15 PM
98
6

CVE-2021-20355

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID:...

5.3CVSS

4.9AI Score

0.001EPSS

2022-06-24 05:15 PM
39
3

CVE-2021-20421

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...

4.3CVSS

4.5AI Score

0.001EPSS

2022-06-24 05:15 PM
31
4

CVE-2022-22317

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID:...

9.8CVSS

8.8AI Score

0.001EPSS

2022-06-20 05:15 PM
47
7

CVE-2022-22318

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the...

9.8CVSS

9.2AI Score

0.001EPSS

2022-06-20 05:15 PM
48
7

CVE-2022-22485

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force...

9.8CVSS

9AI Score

0.002EPSS

2022-06-17 04:15 PM
45
5

CVE-2022-30162

Windows Kernel Information Disclosure...

5.5CVSS

6.8AI Score

0.001EPSS

2022-06-15 10:15 PM
97
6

CVE-2022-30155

Windows Kernel Denial of Service...

5.5CVSS

6.5AI Score

0.001EPSS

2022-06-15 10:15 PM
77
4

CVE-2022-32230

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most...

7.5CVSS

8.2AI Score

0.002EPSS

2022-06-14 10:15 PM
274
6

CVE-2022-2013

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private...

7.5CVSS

7.5AI Score

0.002EPSS

2022-06-13 12:15 AM
27
7

CVE-2022-30703

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege...

7.8CVSS

7.4AI Score

0.001EPSS

2022-06-09 09:15 PM
38
4

CVE-2022-30990

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build...

7.5CVSS

7.2AI Score

0.002EPSS

2022-05-18 08:15 PM
48
7

CVE-2022-30993

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build...

7.5CVSS

7.5AI Score

0.002EPSS

2022-05-18 08:15 PM
34
4

CVE-2022-30991

HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build...

6.1CVSS

6.4AI Score

0.001EPSS

2022-05-18 08:15 PM
42
4
Total number of security vulnerabilities: 2875