CVE-2023-36011 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36011
Win32k Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36011 • CWE-822: Untrusted Pointer Dereference
CVE-2023-36391 – Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36391
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36391 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2023-36696 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36696
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696 • CWE-125: Out-of-bounds Read
CVE-2023-24023 – kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
https://notcve.org/view.php?id=CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS. • https://dl.acm.org/doi/10.1145/3576915.3623066 https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability https://access.redhat.com/security/cve/CVE-2023-24023 https://bugzilla.redhat.com/show_bug.cgi?id=2254961 • CWE-300: Channel Accessible by Non-Endpoint
CVE-2023-36049 – .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36049
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion. This vulnerability allows remote attackers to create or delete arbitrary files on FTP servers implemented using affected versions of Microsoft .NET. Interaction with the .NET framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the FormatFtpCommand method. The issue results from the incorrect neutralization of CRLF sequences. An attacker can leverage this vulnerability to write or delete files in the context of the FTP server. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049 https://access.redhat.com/security/cve/CVE-2023-36049 https://bugzilla.redhat.com/show_bug.cgi?id=2248883 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection')