Total
7549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0181 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2024-11-21 | N/A | 7.1 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | |||||
| CVE-2023-0140 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-0139 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-0132 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0012 | 2 Microsoft, Sap | 2 Windows, Host Agent | 2024-11-21 | N/A | 6.4 MEDIUM |
| In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. | |||||
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-11-21 | N/A | 5.5 MEDIUM |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | |||||
| CVE-2023-0001 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-11-21 | N/A | 6.0 MEDIUM |
| An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. | |||||
| CVE-2022-4439 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) | |||||
| CVE-2022-4418 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208. | |||||
| CVE-2022-4326 | 2 Microsoft, Trellix | 2 Windows, Endpoint Security | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality. | |||||
| CVE-2022-4294 | 5 Avast, Avg, Avira and 2 more | 5 Antivirus, Antivirus, Avira Security and 2 more | 2024-11-21 | N/A | 7.1 HIGH |
| Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2022-4258 | 2 Hima, Microsoft | 5 Hopcs, X-opc A\+e, X-opc Da and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system. | |||||
| CVE-2022-4187 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4149 | 2 Microsoft, Netskope | 2 Windows, Netskope | 2024-11-21 | N/A | 7.0 HIGH |
| The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\Users\Public\netSkope\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges. | |||||
| CVE-2022-4146 | 4 Hitachi, Linux, Microsoft and 1 more | 4 Replication Manager, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 7.3 HIGH |
| Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. | |||||
| CVE-2022-4126 | 4 Abb, Apple, Linux and 1 more | 4 Rccmd, Macos, Linux Kernel and 1 more | 2024-11-21 | N/A | 9.6 CRITICAL |
| Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207. | |||||
| CVE-2022-48482 | 2 3cx, Microsoft | 2 3cx, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. | |||||
| CVE-2022-48199 | 2 Microsoft, Softperfect | 2 Windows, Networx | 2024-11-21 | N/A | 8.8 HIGH |
| SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every user running NetWorx on that system. | |||||
| CVE-2022-48191 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2024-11-21 | N/A | 7.0 HIGH |
| A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. | |||||
| CVE-2022-48183 | 3 Lenovo, Linux, Microsoft | 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | |||||