CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 0CVE-2024-21340 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21340
13 Feb 2024 — Windows Kernel Information Disclosure Vulnerability Vulnerabilidad de divulgación de información del kernel de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21340 • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 10CVE-2024-21338 – Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2024-21338
13 Feb 2024 — Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. • https://packetstorm.news/files/id/177869 • CWE-822: Untrusted Pointer Dereference •
CVSS: 9.4EPSS: 3%CPEs: 14EXPL: 1CVE-2024-21412 – Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-21412
13 Feb 2024 — Internet Shortcut Files Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la función de seguridad de archivos de acceso directo a Internet This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Internet Shortcu... • https://github.com/lsr00ter/CVE-2024-21412_Water-Hydra • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2024-21320 – Windows Themes Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-21320
09 Jan 2024 — Windows Themes Spoofing Vulnerability Vulnerabilidad de suplantación de temas de Windows • https://github.com/sxyrxyy/CVE-2024-21320-POC • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-21314 – Microsoft Message Queuing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21314
09 Jan 2024 — Microsoft Message Queuing Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft Message Queue Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21314 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-21311 – Windows Cryptographic Services Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21311
09 Jan 2024 — Windows Cryptographic Services Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de servicios criptográficos de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21311 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21310 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21310
09 Jan 2024 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Only systems with long Win32 path support enabled are affected. The specific flaw... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21310 • CWE-197: Numeric Truncation Error •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 3CVE-2024-21306 – Microsoft Bluetooth Driver Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-21306
09 Jan 2024 — Microsoft Bluetooth Driver Spoofing Vulnerability Vulnerabilidad de suplantación de controladores Bluetooth de Microsoft • https://github.com/PhucHauDeveloper/BadBlue • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-20692 – Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20692
09 Jan 2024 — Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Vulnerabilidad de divulgación de información del servicio del subsistema de la autoridad de seguridad local de Microsoft • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20692 • CWE-326: Inadequate Encryption Strength CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-20687 – Microsoft AllJoyn API Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20687
09 Jan 2024 — Microsoft AllJoyn API Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de la API Microsoft AllJoyn • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20687 • CWE-125: Out-of-bounds Read •