CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-41766 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-41766
10 Oct 2023 — Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Windows Client Server Run-Time Subsystem (CSRSS) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766 • CWE-426: Untrusted Search Path •
CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0CVE-2023-41765 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41765
10 Oct 2023 — Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Layer 2 Tunneling Protocol • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-38171 – Microsoft QUIC Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-38171
10 Oct 2023 — Microsoft QUIC Denial of Service Vulnerability Vulnerabilidad de denegación de servicio en Microsoft QUIC • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-36902 – Windows Runtime Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36902
10 Oct 2023 — Windows Runtime Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Windows Runtime Remote • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2023-35349 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35349
10 Oct 2023 — Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Microsoft Message Queue • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 85%CPEs: 444EXPL: 16CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2022-48183
https://notcve.org/view.php?id=CVE-2022-48183
09 Oct 2023 — A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. Se informó una vulnerabilidad en ThinkPad T14s Gen 3 y X13 Gen3 que podría causar que el mecanismo de detección de manipulación del BIOS no se active en circunstancias específicas que podrían permitir el acceso no autorizado. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-1263: Improper Physical Access Control •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2022-48182
https://notcve.org/view.php?id=CVE-2022-48182
09 Oct 2023 — A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. Se informó una vulnerabilidad en ThinkPad T14s Gen 3 y X13 Gen3 que podría causar que el mecanismo de detección de manipulación del BIOS no se active en circunstancias específicas que podrían permitir el acceso no autorizado. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-1263: Improper Physical Access Control •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45247
https://notcve.org/view.php?id=CVE-2023-45247
09 Oct 2023 — Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497. Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilación 36497. Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-6600 • CWE-862: Missing Authorization •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45248
https://notcve.org/view.php?id=CVE-2023-45248
09 Oct 2023 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391. Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos se ven afectados: Acronis Agent (Windows) anterior a la compilación 36497. • https://security-advisory.acronis.com/advisories/SEC-6052 • CWE-427: Uncontrolled Search Path Element •