Lucene search

K

Windows Kernel Security Vulnerabilities

cve
cve

CVE-2023-28222

Windows Kernel Elevation of Privilege...

7.1CVSS

7.2AI Score

0.0004EPSS

2023-04-11 09:15 PM
93
cve
cve

CVE-2023-0977

A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming...

6.7CVSS

6.5AI Score

0.001EPSS

2023-04-03 04:15 PM
18
cve
cve

CVE-2023-26283

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS

5.1AI Score

0.0005EPSS

2023-04-02 09:15 PM
80
cve
cve

CVE-2023-0187

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of...

6.1CVSS

5.3AI Score

0.0004EPSS

2023-04-01 05:15 AM
48
cve
cve

CVE-2023-0188

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of...

5.5CVSS

5.4AI Score

0.0004EPSS

2023-04-01 05:15 AM
34
cve
cve

CVE-2023-0191

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data...

7.1CVSS

6.6AI Score

0.0004EPSS

2023-04-01 05:15 AM
31
cve
cve

CVE-2023-0195

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the...

2.4CVSS

3.6AI Score

0.0005EPSS

2023-04-01 05:15 AM
39
cve
cve

CVE-2023-0194

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of...

4.6CVSS

4.7AI Score

0.001EPSS

2023-04-01 05:15 AM
35
cve
cve

CVE-2023-0182

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data...

7.8CVSS

7.4AI Score

0.0004EPSS

2023-04-01 05:15 AM
32
cve
cve

CVE-2023-0186

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data...

7.1CVSS

6.9AI Score

0.0004EPSS

2023-04-01 05:15 AM
32
cve
cve

CVE-2023-0181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data...

7.1CVSS

6.5AI Score

0.0004EPSS

2023-04-01 05:15 AM
40
cve
cve

CVE-2022-4126

Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40...

9.8CVSS

9.4AI Score

0.002EPSS

2023-03-27 05:15 AM
16
cve
cve

CVE-2023-27875

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: ...

7.5CVSS

7.2AI Score

0.001EPSS

2023-03-16 01:15 PM
37
cve
cve

CVE-2023-23420

Windows Kernel Elevation of Privilege...

7.8CVSS

7.9AI Score

0.001EPSS

2023-03-14 05:15 PM
79
cve
cve

CVE-2023-23423

Windows Kernel Elevation of Privilege...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-03-14 05:15 PM
83
cve
cve

CVE-2023-23422

Windows Kernel Elevation of Privilege...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-03-14 05:15 PM
83
cve
cve

CVE-2023-23421

Windows Kernel Elevation of Privilege...

7.8CVSS

7.9AI Score

0.001EPSS

2023-03-14 05:15 PM
84
cve
cve

CVE-2023-0193

NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information...

4.4CVSS

4.5AI Score

0.0004EPSS

2023-03-10 09:15 PM
48
cve
cve

CVE-2023-0196

NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of...

3.3CVSS

3.9AI Score

0.0004EPSS

2023-03-02 02:15 AM
32
cve
cve

CVE-2023-26281

IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: ...

7.5CVSS

7.2AI Score

0.001EPSS

2023-03-01 08:15 AM
43
cve
cve

CVE-2022-43578

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

5.4CVSS

5.2AI Score

0.0005EPSS

2023-02-22 06:15 PM
23
cve
cve

CVE-2023-25928

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS

5.2AI Score

0.0005EPSS

2023-02-21 02:15 PM
31
cve
cve

CVE-2023-24960

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: ...

7.5CVSS

7.2AI Score

0.001EPSS

2023-02-17 07:15 PM
34
cve
cve

CVE-2022-43579

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

5.4CVSS

5.2AI Score

0.0005EPSS

2023-02-17 07:15 PM
30
cve
cve

CVE-2022-40231

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: ...

8.8CVSS

8.1AI Score

0.001EPSS

2023-02-17 07:15 PM
16
cve
cve

CVE-2023-26020

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through...

7.2CVSS

7.3AI Score

0.001EPSS

2023-02-17 06:15 PM
17
cve
cve

CVE-2022-40232

IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID:...

8.8CVSS

8.1AI Score

0.001EPSS

2023-02-17 06:15 PM
22
cve
cve

CVE-2023-22868

IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS

5.6AI Score

0.0005EPSS

2023-02-17 05:15 PM
38
cve
cve

CVE-2023-24964

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: ...

6.2CVSS

5AI Score

0.0004EPSS

2023-02-17 05:15 PM
27
cve
cve

CVE-2022-43929

IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID:...

7.5CVSS

7.1AI Score

0.001EPSS

2023-02-17 05:15 PM
108
cve
cve

CVE-2022-43927

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: ...

7.5CVSS

7.1AI Score

0.001EPSS

2023-02-17 05:15 PM
103
cve
cve

CVE-2022-47986

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system....

9.8CVSS

8.3AI Score

0.959EPSS

2023-02-17 04:15 PM
692
In Wild
cve
cve

CVE-2022-26841

Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local...

5.5CVSS

5.1AI Score

0.0004EPSS

2023-02-16 08:15 PM
19
cve
cve

CVE-2022-26509

Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local...

5.5CVSS

5AI Score

0.0004EPSS

2023-02-16 08:15 PM
19
cve
cve

CVE-2023-21688

NT OS Kernel Elevation of Privilege...

7.8CVSS

7.9AI Score

0.001EPSS

2023-02-14 08:15 PM
69
cve
cve

CVE-2022-42436

IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: ...

4CVSS

3.3AI Score

0.0004EPSS

2023-02-12 04:15 AM
85
cve
cve

CVE-2022-42444

IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: ...

6.5CVSS

6.5AI Score

0.001EPSS

2023-02-12 04:15 AM
25
cve
cve

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This...

9.8CVSS

9.1AI Score

0.001EPSS

2023-02-09 05:15 PM
21
cve
cve

CVE-2023-23475

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

4.6CVSS

4.4AI Score

0.0005EPSS

2023-02-08 07:15 PM
34
cve
cve

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: ...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-02-08 07:15 PM
23
cve
cve

CVE-2022-34362

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...

4.6CVSS

4.5AI Score

0.0005EPSS

2023-02-08 07:15 PM
24
cve
cve

CVE-2022-42439

IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID:...

6.8CVSS

4.8AI Score

0.001EPSS

2023-02-06 09:15 PM
35
cve
cve

CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: ...

9.8CVSS

9.2AI Score

0.004EPSS

2023-02-03 07:15 PM
260
cve
cve

CVE-2022-47983

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS

5.2AI Score

0.0005EPSS

2023-02-01 06:15 PM
26
cve
cve

CVE-2022-43917

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID:...

7.5CVSS

7.3AI Score

0.001EPSS

2023-01-26 09:17 PM
26
cve
cve

CVE-2023-24069

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can....

3.3CVSS

3.8AI Score

0.0004EPSS

2023-01-23 07:15 AM
28
cve
cve

CVE-2023-24068

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into...

7.8CVSS

7.3AI Score

0.0004EPSS

2023-01-23 07:15 AM
34
cve
cve

CVE-2022-41733

IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. IBM X-Force ID:...

5.3CVSS

5.1AI Score

0.001EPSS

2023-01-20 07:15 PM
30
cve
cve

CVE-2023-21774

Windows Kernel Elevation of Privilege...

7.8CVSS

7.5AI Score

0.001EPSS

2023-01-10 10:15 PM
78
cve
cve

CVE-2023-21776

Windows Kernel Information Disclosure...

5.5CVSS

5.8AI Score

0.0004EPSS

2023-01-10 10:15 PM
113
Total number of security vulnerabilities2875