Windows Kernel Security Vulnerabilities


CVE-2010-5157

Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes....

6.9 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
18

CVE-2010-5161

Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory...

6.9 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
25

CVE-2010-5166

Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

6.8 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
18

CVE-2010-5169

Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

6.9 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
14

CVE-2010-5183

Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes....

6.9 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
20

CVE-2010-5155

Race condition in Blink Professional 4.6.1 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler...

6.9 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
20

CVE-2010-5172

Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

6.9 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
16

CVE-2016-1715

The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash)....

6.6 CVSS

6.6 AI Score

0.001 EPSS

2022-10-03 04:16 PM
24

CVE-2012-2014

HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown...

6.5 AI Score

0.003 EPSS

2022-10-03 04:15 PM
34

CVE-2012-2016

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown...

5.8 AI Score

0.0004 EPSS

2022-10-03 04:15 PM
29

CVE-2012-2493

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows...

7.6 AI Score

0.006 EPSS

2022-10-03 04:15 PM
20

CVE-2012-2012

HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended...

6.8 AI Score

0.006 EPSS

2022-10-03 04:15 PM
74

CVE-2012-2013

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown...

7.2 AI Score

0.006 EPSS

2022-10-03 04:15 PM
77
4

CVE-2012-2015

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown...

6.2 AI Score

0.002 EPSS

2022-10-03 04:15 PM
51

CVE-2012-4143

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than...

6.6 AI Score

0.016 EPSS

2022-10-03 04:15 PM
23

CVE-2012-4145

Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity...

6.3 AI Score

0.002 EPSS

2022-10-03 04:15 PM
29

CVE-2012-4144

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML...

5.4 AI Score

0.004 EPSS

2022-10-03 04:15 PM
24

CVE-2012-4142

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted...

5.4 AI Score

0.003 EPSS

2022-10-03 04:15 PM
26

CVE-2012-5429

The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID...

6.3 AI Score

0.0004 EPSS

2022-10-03 04:15 PM
18

CVE-2011-1503

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:///...

6.2 AI Score

0.002 EPSS

2022-10-03 04:15 PM
21

CVE-2013-2553

Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than...

6.1 AI Score

0.547 EPSS

2022-10-03 04:15 PM
25

CVE-2013-4669

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the.....

6.3 AI Score

0.001 EPSS

2022-10-03 04:14 PM
19

CVE-2013-3697

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and...

6.9 AI Score

0.001 EPSS

2022-10-03 04:14 PM
23

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2022-09-30 04:15 AM
33
8

CVE-2022-40748

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-09-23 06:15 PM
29
6

CVE-2022-35721

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-09-23 06:15 PM
26
5

CVE-2022-35637

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID:...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2022-09-13 09:15 PM
36
5

CVE-2022-34336

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-09-13 09:15 PM
28
5

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID:...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2022-09-13 09:15 PM
32
6

CVE-2022-37964

Windows Kernel Elevation of Privilege...

7.8 CVSS

8.5 AI Score

0.0004 EPSS

2022-09-13 07:15 PM
47
9

CVE-2022-37957

Windows Kernel Elevation of Privilege...

7.8 CVSS

8.4 AI Score

0.0004 EPSS

2022-09-13 07:15 PM
56
8

CVE-2022-37956

Windows Kernel Elevation of Privilege...

7.8 CVSS

8.4 AI Score

0.0004 EPSS

2022-09-13 07:15 PM
79
8

CVE-2022-37954

DirectX Graphics Kernel Elevation of Privilege...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2022-09-13 07:15 PM
57
6

CVE-2022-34165

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including...

5.4 CVSS

5 AI Score

0.001 EPSS

2022-09-09 04:15 PM
99
7

CVE-2022-28199

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and...

6.5 CVSS

6.9 AI Score

0.002 EPSS

2022-09-01 05:15 PM
81
5

CVE-2022-31676

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2022-08-23 08:15 PM
888
19

CVE-2022-22489

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:...

9.1 CVSS

8.7 AI Score

0.002 EPSS

2022-08-19 07:15 PM
87
10

CVE-2022-2074

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2022-08-19 09:15 AM
35
3

CVE-2022-2075

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2022-08-19 09:15 AM
30
5

CVE-2022-2049

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2022-08-19 09:15 AM
37
3

CVE-2022-1901

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2022-08-19 08:15 AM
32
3

CVE-2021-39087

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID:...

6.5 CVSS

6 AI Score

0.001 EPSS

2022-08-16 07:15 PM
39
5

CVE-2021-39035

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-08-16 07:15 PM
34
5

CVE-2021-39086

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

5.3 CVSS

4.9 AI Score

0.001 EPSS

2022-08-16 07:15 PM
43
5

CVE-2021-39085

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the....

9.8 CVSS

9.3 AI Score

0.001 EPSS

2022-08-16 07:15 PM
38
5

CVE-2022-38221

A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary...

9.8 CVSS

9.9 AI Score

0.004 EPSS

2022-08-15 11:21 AM
29
4

CVE-2022-35715

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID:...

7.5 CVSS

7 AI Score

0.001 EPSS

2022-08-10 05:15 PM
37
5

CVE-2022-35768

Windows Kernel Elevation of Privilege...

7.8 CVSS

8.4 AI Score

0.0004 EPSS

2022-08-09 08:15 PM
108
7

CVE-2022-35761

Windows Kernel Elevation of Privilege...

7.8 CVSS

8.4 AI Score

0.0004 EPSS

2022-08-09 08:15 PM
48
6

CVE-2022-34708

Windows Kernel Information Disclosure...

5.5 CVSS

6.8 AI Score

0.0004 EPSS

2022-08-09 08:15 PM
112
5

Total number of security vulnerabilities: 2875