CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-26928 – Windows Photo Import API Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-26928
13 Sep 2022 — Windows Photo Import API Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Photo Import API • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26928 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2022-35837 – Windows Graphics Component Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-35837
13 Sep 2022 — Windows Graphics Component Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Windows Graphics Component. Este ID de CVE es diferente de CVE-2022-34728, CVE-2022-38006 • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35837 •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 1CVE-2022-37956 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37956
13 Sep 2022 — Windows Kernel Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Kernel. Este ID de CVE es diferente de CVE-2022-37957, CVE-2022-37964 The Windows Kernel suffers from integer overflow vulnerabilities in its registry subkey lists leading to memory corruption. • https://packetstorm.news/files/id/168723 •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34301 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34301
26 Aug 2022 — A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de CryptoPro Secure Disk versiones anterior... • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34302 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34302
26 Aug 2022 — A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de New Horizon Datasys versiones anteriores a... • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34303 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34303
26 Aug 2022 — A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de Eurosoft versiones anteriores a 01-06-2022. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 1CVE-2022-35822 – Windows Defender Credential Guard Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-35822
15 Aug 2022 — Windows Defender Credential Guard Security Feature Bypass Vulnerability Una Vulnerabilidad de Omisión de la Funcionalidad de Seguridad de Windows Defender Credential Guard. Este ID de CVE es diferente de CVE-2022-34709. On Windows, the Kerberos ticket renewal process can be used with CG to get an unencrypted TGT session key for a currently authenticated user leading to information disclosure. • https://packetstorm.news/files/id/168331 •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2022-34711 – Windows Defender Credential Guard Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-34711
15 Aug 2022 — Windows Defender Credential Guard Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows Defender Credential Guard. Este ID de CVE es diferente de CVE-2022-34705, CVE-2022-35771. On Windows, CG API KerbIumCreateApReqAuthenticator can be used to decrypt arbitrary encrypted Kerberos keys leading to information disclosure. • https://packetstorm.news/files/id/168325 •
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 0CVE-2022-35820 – Windows Bluetooth Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-35820
09 Aug 2022 — Windows Bluetooth Driver Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios de Windows Bluetooth Driver This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bthport.sys driver. The issue results from improper authorization logic when accessing regis... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35820 •
CVSS: 6.6EPSS: 0%CPEs: 14EXPL: 0CVE-2022-35797 – Windows Hello Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-35797
09 Aug 2022 — Windows Hello Security Feature Bypass Vulnerability Vulnerabilidad de Omisión de la Funcionalidad de Seguridad de Windows Hello • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35797 •