Windows Kernel Security Vulnerabilities
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from...
7.8CVSS
7.6AI Score
0.001EPSS
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from...
5.5CVSS
6.5AI Score
0.001EPSS
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343,...
6.5CVSS
7.4AI Score
0.059EPSS
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343,...
6.5CVSS
7.4AI Score
0.059EPSS
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346,...
6.5CVSS
7.4AI Score
0.059EPSS
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure...
5.5CVSS
6.7AI Score
0.0004EPSS
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from...
5.5CVSS
6.5AI Score
0.001EPSS
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current...
7.5CVSS
7.9AI Score
0.002EPSS
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current...
9.8CVSS
9.2AI Score
0.012EPSS
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current...
9.8CVSS
9.5AI Score
0.011EPSS
An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure...
5.5CVSS
6.1AI Score
0.001EPSS
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure...
5.5CVSS
5.9AI Score
0.0004EPSS
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for...
7.5CVSS
7.5AI Score
0.001EPSS
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public...
8.1CVSS
7.5AI Score
0.033EPSS
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a...
7.8CVSS
7.8AI Score
0.0004EPSS
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This...
7.8CVSS
7.4AI Score
0.0004EPSS
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on...
5.5CVSS
5AI Score
0.001EPSS
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on...
5.5CVSS
5AI Score
0.001EPSS
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a...
7.8CVSS
7.3AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...
7CVSS
7.5AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new....
7.8CVSS
7.5AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new....
7.8CVSS
7.5AI Score
0.0004EPSS
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...
7.8CVSS
7.5AI Score
0.002EPSS
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to.....
5.5CVSS
6.8AI Score
0.0004EPSS
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended...
7.1CVSS
7.8AI Score
0.0004EPSS
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current...
7.5CVSS
7.1AI Score
0.002EPSS
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current...
9.8CVSS
9.6AI Score
0.014EPSS
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current...
7.5CVSS
7.2AI Score
0.002EPSS
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current...
7.5CVSS
7.6AI Score
0.002EPSS
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current...
7.5CVSS
7.1AI Score
0.002EPSS
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current...
7.5CVSS
7.1AI Score
0.002EPSS
An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by...
7.8CVSS
7.5AI Score
0.001EPSS
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure...
5.5CVSS
5.6AI Score
0.001EPSS
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from...
5.5CVSS
5.8AI Score
0.001EPSS
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from...
5.5CVSS
5.8AI Score
0.001EPSS
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege...
7.8CVSS
7.5AI Score
0.0004EPSS
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID:...
7.5CVSS
7.1AI Score
0.002EPSS
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID:...
6.5CVSS
6.6AI Score
0.001EPSS
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID:...
7.8CVSS
7.6AI Score
0.0004EPSS
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID:...
5.5CVSS
6AI Score
0.0005EPSS
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID:...
7.8CVSS
7.6AI Score
0.0004EPSS
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...
5.9CVSS
6.1AI Score
0.002EPSS
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID:...
6.7CVSS
7.1AI Score
0.0004EPSS
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID:...
4.3CVSS
4.2AI Score
0.001EPSS
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:...
7.1CVSS
6.8AI Score
0.001EPSS
Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent...
7.4CVSS
8.1AI Score
0.001EPSS
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code...
8.8CVSS
8.8AI Score
0.016EPSS
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from...
7.8CVSS
7.5AI Score
0.002EPSS
A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system, aka 'Windows Secure Kernel Mode...
7.8CVSS
7.5AI Score
0.0004EPSS
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure...
5.5CVSS
5.5AI Score
0.0004EPSS