CVSS: 8.1EPSS: 0%CPEs: 15EXPL: 0CVE-2023-36005 – Windows Telephony Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36005
12 Dec 2023 — Windows Telephony Server Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servidor de telefonía de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36005 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVSS: 7.6EPSS: 0%CPEs: 15EXPL: 0CVE-2023-36004 – Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36004
12 Dec 2023 — Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability Vulnerabilidad de suplantación de identidad DPAPI (interfaz de programación de aplicaciones de protección de datos) de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36004 • CWE-287: Improper Authentication •
CVSS: 7.3EPSS: 0%CPEs: 11EXPL: 2CVE-2023-36003 – XAML Diagnostics Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36003
12 Dec 2023 — XAML Diagnostics Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de diagnóstico XAML • https://github.com/m417z/CVE-2023-36003-POC • CWE-426: Untrusted Search Path •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-36012 – DHCP Server Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-36012
12 Dec 2023 — DHCP Server Service Information Disclosure Vulnerability Vulnerabilidad de divulgación de información del servicio del servidor DHCP • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36012 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-21740 – Windows Media Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21740
12 Dec 2023 — Windows Media Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Windows Media • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21740 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-36011 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36011
12 Dec 2023 — Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36011 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36391 – Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36391
12 Dec 2023 — Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio del subsistema de autoridad de seguridad local • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36391 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-36696 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36696
12 Dec 2023 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-48677
https://notcve.org/view.php?id=CVE-2023-48677
12 Dec 2023 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos se ven afectados: Acronis Cyber Protect Home Office (Windows) anterior a la compilación 40901. Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-5620 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-48861
https://notcve.org/view.php?id=CVE-2023-48861
07 Dec 2023 — DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. Vulnerabilidad de secuestro de DLL en TTplayer versión 7.0.2, permite a atacantes locales escalar privilegios y ejecutar código arbitrario a través de urlmon.dll. • https://github.com/xieqiang11/POC4/blob/main/README.md • CWE-427: Uncontrolled Search Path Element •