CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 1CVE-2024-21305 – Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-21305
09 Jan 2024 — Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la característica de seguridad de Hypervisor-Protected Code Integrity (HVCI) This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root p... • https://github.com/tandasat/CVE-2024-21305 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20700
09 Jan 2024 — Windows Hyper-V Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Windows Hyper-V • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-20699 – Windows Hyper-V Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20699
09 Jan 2024 — Windows Hyper-V Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de Windows Hyper-V • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20699 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2024-20698 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-20698
09 Jan 2024 — Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows • https://github.com/RomanRybachek/CVE-2024-20698 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 1CVE-2024-20696 – Windows libarchive Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20696
09 Jan 2024 — Windows Libarchive Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Windows Libarchive Windows libarchive Remote Code Execution Vulnerability It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://github.com/clearbluejar/CVE-2024-20696 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20694 – Windows CoreMessaging Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20694
09 Jan 2024 — Windows CoreMessaging Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Windows CoreMessaging • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20694 • CWE-668: Exposure of Resource to Wrong Sphere CWE-908: Use of Uninitialized Resource •
CVSS: 4.7EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20691 – Windows Themes Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20691
09 Jan 2024 — Windows Themes Information Disclosure Vulnerability Vulnerabilidad de divulgación de información en temas de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20691 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-20690 – Windows Nearby Sharing Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-20690
09 Jan 2024 — Windows Nearby Sharing Spoofing Vulnerability Vulnerabilidad de Nearby Sharing Spoofing de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20690 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2024-20683 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-20683
09 Jan 2024 — Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20683 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-20682 – Windows Cryptographic Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20682
09 Jan 2024 — Windows Cryptographic Services Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de los servicios criptográficos de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20682 • CWE-822: Untrusted Pointer Dereference •