
CVE-2022-35746 – Windows Digital Media Receiver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-35746
31 May 2023 — Windows Digital Media Receiver Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35746 •

CVE-2022-35745 – Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35745
31 May 2023 — Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35745 •

CVE-2022-35744 – Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35744
31 May 2023 — Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744 •

CVE-2022-35743 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35743
31 May 2023 — Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35743 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-2939 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2939
30 May 2023 — Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2023-20884
https://notcve.org/view.php?id=CVE-2023-20884
30 May 2023 — VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. • https://www.vmware.com/security/advisories/VMSA-2023-0011.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2023-28353
https://notcve.org/view.php?id=CVE-2023-28353
30 May 2023 — An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM. • https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-28350
https://notcve.org/view.php?id=CVE-2023-28350
30 May 2023 — An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged functionality offered by the Teacher Console, the ability to silently exploit Cross Site Scripting (XSS) on the Teacher Machine enables remote code execution on any connected student machine (and the teacher's mach... • https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-25734 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-25734
30 May 2023 — After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784451 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2023-28349
https://notcve.org/view.php?id=CVE-2023-28349
30 May 2023 — An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution. • https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight • CWE-346: Origin Validation Error •