
CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

19 Jun 2023 — Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. • https://bugzilla.mozilla.org/show_bug.cgi?id=1828716 •

CVSS: 7.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Jun 2023 — The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder ... • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Jun 2023 — The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code w... • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8 • EPSS: 0% • CPEs: 80 • EXPL: 0

14 Jun 2023 — .NET and Visual Studio Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030 •

CVSS: 7.8 • EPSS: 0% • CPEs: 86 • EXPL: 0

14 Jun 2023 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895 •

CVSS: 7.8 • EPSS: 0% • CPEs: 61 • EXPL: 0

14 Jun 2023 — .NET Framework Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326 •

CVSS: 7.8 • EPSS: 0% • CPEs: 81 • EXPL: 0

14 Jun 2023 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 • CWE-122: Heap-based Buffer Overflow •

CVSS: 6.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Jun 2023 — An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration. • https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001 • CWE-285: Improper Authorization •

CVSS: 6.8 • EPSS: 0% • CPEs: 15 • EXPL: 0

14 Jun 2023 — Windows CryptoAPI Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24937 • CWE-20: Improper Input Validation •

CVSS: 7.6 • EPSS: 0% • CPEs: 82 • EXPL: 0

14 Jun 2023 — .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. A flaw was found in dotnet. This issue can allow bypassing restrictions when deserializing a DataSet or DataTable from XML. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 •