U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*
  • CPE Name Search: true
There are 6,286 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-4187

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

Published: November 29, 2022; 7:15:10 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-41157

A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.

Published: November 25, 2022; 2:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-41156

Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code.

Published: November 25, 2022; 2:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-38166

In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.

Published: November 25, 2022; 10:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-41924

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue.

Published: November 23, 2022; 2:15:12 PM -0500
V3.1: 9.6 CRITICAL
V2.0:(not available)
CVE-2022-40746

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.

Published: November 21, 2022; 1:15:14 PM -0500
V3.1: 6.7 MEDIUM
V2.0:(not available)
CVE-2022-34667

NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user.

Published: November 18, 2022; 7:15:29 PM -0500
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2022-34665

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.

Published: November 18, 2022; 7:15:27 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-31617

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Published: November 18, 2022; 7:15:27 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-31616

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure.

Published: November 18, 2022; 7:15:26 PM -0500
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2022-31613

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic.

Published: November 18, 2022; 7:15:26 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-31612

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information.

Published: November 18, 2022; 7:15:25 PM -0500
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2022-31610

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Published: November 18, 2022; 7:15:25 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-31606

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.

Published: November 18, 2022; 7:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-40752

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687.

Published: November 16, 2022; 6:15:10 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40753

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688.

Published: November 15, 2022; 4:15:38 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-40750

IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.

Published: November 11, 2022; 2:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-31772

IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.

Published: November 11, 2022; 2:15:10 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-34666

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.

Published: November 10, 2022; 11:15:10 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-27674

Insufficient validation in the IOCTL input/output buffer in AMD ?Prof may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.

Published: November 09, 2022; 4:15:14 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)