CVSS: 8.8EPSS: 2%CPEs: 10EXPL: 2CVE-2023-29360 – Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2023-29360
13 Jun 2023 — Microsoft Streaming Service Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the mskssrv driver. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this ... • https://github.com/0xDivyanshu-new/CVE-2023-29360 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2023-29359 – GDI Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-29359
13 Jun 2023 — GDI Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29359 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2023-29358 – Windows GDI Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-29358
13 Jun 2023 — Windows GDI Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29358 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29355 – DHCP Server Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-29355
13 Jun 2023 — DHCP Server Service Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29355 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-29352 – Windows Remote Desktop Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-29352
13 Jun 2023 — Windows Remote Desktop Security Feature Bypass Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29352 •
CVSS: 8.5EPSS: 0%CPEs: 25EXPL: 0CVE-2023-29351 – Windows Group Policy Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-29351
13 Jun 2023 — Windows Group Policy Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29351 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2023-29346 – NTFS Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-29346
13 Jun 2023 — NTFS Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29346 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-24938 – Windows CryptoAPI Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-24938
13 Jun 2023 — Windows CryptoAPI Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24938 • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34121
https://notcve.org/view.php?id=CVE-2023-34121
13 Jun 2023 — Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34120
https://notcve.org/view.php?id=CVE-2023-34120
13 Jun 2023 — Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-269: Improper Privilege Management CWE-347: Improper Verification of Cryptographic Signature •