Windows Kernel Security Vulnerabilities


CVE-2022-30994

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build...

CVSS: 7.5

AI Score: 7.5

EPSS: 0.002

2022-05-18 08:15 PM

CVE-2022-30992

Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build...

CVSS: 6.1

AI Score: 6.3

EPSS: 0.001

2022-05-18 08:15 PM

CVE-2022-28188

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely.....

CVSS: 5.5

AI Score: 6.3

EPSS: 0.0004

2022-05-17 08:15 PM

CVE-2022-28185

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data...

CVSS: 7.1

AI Score: 7.7

EPSS: 0.0004

2022-05-17 08:15 PM

CVE-2022-28186

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely.....

CVSS: 6.1

AI Score: 6.7

EPSS: 0.0004

2022-05-17 08:15 PM

CVE-2022-28181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges,...

CVSS: 9.9

AI Score: 9

EPSS: 0.002

2022-05-17 08:15 PM

CVE-2022-22484

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this...

CVSS: 5.5

AI Score: 5.2

EPSS: 0.0004

2022-05-17 04:15 PM

CVE-2022-29142

Windows Kernel Elevation of Privilege...

CVSS: 7

AI Score: 8

EPSS: 0.0004

2022-05-10 09:15 PM

CVE-2022-29133

Windows Kernel Elevation of Privilege...

CVSS: 8.8

AI Score: 8.1

EPSS: 0.0004

2022-05-10 09:15 PM

CVE-2022-29116

Windows Kernel Information Disclosure...

CVSS: 4.7

AI Score: 5.4

EPSS: 0.0004

2022-05-10 09:15 PM

CVE-2022-22454

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted...

CVSS: 7.8

AI Score: 7.7

EPSS: 0.0004

2022-05-10 04:15 PM

CVE-2022-22368

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...

CVSS: 7.5

AI Score: 7.2

EPSS: 0.001

2022-05-03 07:15 PM

CVE-2021-39033

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system....

CVSS: 6.5

AI Score: 6

EPSS: 0.001

2022-04-19 05:15 PM

CVE-2022-24483

Windows Kernel Information Disclosure...

CVSS: 5.5

AI Score: 5.9

EPSS: 0.0004

2022-04-15 07:15 PM

CVE-2022-24308

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install...

CVSS: 5.5

AI Score: 5.2

EPSS: 0.0004

2022-04-13 01:15 PM

CVE-2022-21155

A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to...

CVSS: 7.5

AI Score: 7.5

EPSS: 0.001

2022-04-12 05:15 PM

CVE-2020-4668

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID:...

CVSS: 8.8

AI Score: 8.3

EPSS: 0.001

2022-04-08 04:15 PM

CVE-2022-0803

Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML...

CVSS: 6.5

AI Score: 6.4

EPSS: 0.001

2022-04-05 01:15 AM

CVE-2022-0799

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer...

CVSS: 8.8

AI Score: 8.2

EPSS: 0.001

2022-04-05 01:15 AM

CVE-2022-0802

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML...

CVSS: 6.5

AI Score: 6.3

EPSS: 0.001

2022-04-05 01:15 AM

CVE-2022-0807

Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML...

CVSS: 6.5

AI Score: 6.5

EPSS: 0.002

2022-04-05 01:15 AM

CVE-2022-0804

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML...

CVSS: 6.5

AI Score: 6.3

EPSS: 0.001

2022-04-05 01:15 AM

CVE-2022-0806

Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML...

CVSS: 6.5

AI Score: 6.5

EPSS: 0.002

2022-04-05 01:15 AM

CVE-2022-0805

Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user...

CVSS: 8.8

AI Score: 9.1

EPSS: 0.003

2022-04-05 01:15 AM

CVE-2022-0797

Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML...

CVSS: 8.8

AI Score: 8.3

EPSS: 0.002

2022-04-05 01:15 AM

CVE-2022-0798

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome...

CVSS: 8.8

AI Score: 9

EPSS: 0.001

2022-04-05 01:15 AM

CVE-2022-0791

Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user...

CVSS: 8.8

AI Score: 9.1

EPSS: 0.003

2022-04-05 01:15 AM

CVE-2022-0796

Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

CVSS: 8.8

AI Score: 9

EPSS: 0.003

2022-04-05 01:15 AM

CVE-2022-21821

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump. To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code...

CVSS: 7.8

AI Score: 7.9

EPSS: 0.001

2022-03-29 08:15 PM

CVE-2022-26629

An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker to bypass the lock screen...

CVSS: 9.1

AI Score: 9.1

EPSS: 0.003

2022-03-24 04:15 PM

CVE-2022-22394

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the...

CVSS: 8.8

AI Score: 8.6

EPSS: 0.002

2022-03-21 05:15 PM

CVE-2022-24960

A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on...

CVSS: 7.8

AI Score: 7.6

EPSS: 0.001

2022-03-10 05:46 PM

CVE-2022-23298

Windows NT OS Kernel Elevation of Privilege...

CVSS: 7

AI Score: 7.5

EPSS: 0.0004

2022-03-09 05:15 PM

CVE-2022-23278

Microsoft Defender for Endpoint Spoofing...

CVSS: 5.9

AI Score: 6.7

EPSS: 0.001

2022-03-09 05:15 PM

CVE-2022-25256

SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after...

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2022-02-19 01:15 AM

CVE-2022-21989

Windows Kernel Elevation of Privilege...

CVSS: 7.8

AI Score: 8

EPSS: 0.0004

2022-02-09 05:15 PM

CVE-2022-21815

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system...

CVSS: 5.5

AI Score: 5.3

EPSS: 0.0004

2022-02-07 08:15 PM

CVE-2022-21817

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get a user to browse a malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code...

CVSS: 9.3

AI Score: 9.3

EPSS: 0.003

2022-02-02 01:15 PM

CVE-2022-22310

IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID:...

CVSS: 6.5

AI Score: 6.4

EPSS: 0.001

2022-01-19 05:15 PM

CVE-2022-21912

DirectX Graphics Kernel Remote Code Execution...

CVSS: 7.8

AI Score: 8.7

EPSS: 0.007

2022-01-11 09:15 PM

CVE-2022-21918

DirectX Graphics Kernel File Denial of Service...

CVSS: 6.5

AI Score: 6.8

EPSS: 0.0004

2022-01-11 09:15 PM

CVE-2022-21898

DirectX Graphics Kernel Remote Code Execution...

CVSS: 9.8

AI Score: 9.4

EPSS: 0.028

2022-01-11 09:15 PM

CVE-2022-21879

Windows Kernel Elevation of Privilege...

CVSS: 7.8

AI Score: 7.1

EPSS: 0.0004

2022-01-11 09:15 PM

CVE-2022-21881

Windows Kernel Elevation of Privilege...

CVSS: 7

AI Score: 7.1

EPSS: 0.001

2022-01-11 09:15 PM

CVE-2021-29701

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID:...

CVSS: 4.3

AI Score: 4.1

EPSS: 0.001

2022-01-11 05:15 PM

CVE-2021-45884

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue...

CVSS: 7.5

AI Score: 5.6

EPSS: 0.002

2021-12-27 10:15 PM

CVE-2021-43244

Windows Kernel Information Disclosure...

CVSS: 6.5

AI Score: 5.3

EPSS: 0.0004

2021-12-15 03:15 PM

CVE-2021-43219

DirectX Graphics Kernel File Denial of Service...

CVSS: 7.5

AI Score: 7.7

EPSS: 0.001

2021-12-15 03:15 PM

CVE-2021-34425

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contains a server side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicio...

CVSS: 6.1

AI Score: 6.3

EPSS: 0.001

2021-12-14 08:15 PM

CVE-2021-29678

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID:...

CVSS: 8.7

AI Score: 8

EPSS: 0.001

2021-12-09 05:15 PM

Total number of security vulnerabilities: 2875