CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21568 – Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21568
Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 2%CPEs: 14EXPL: 0CVE-2022-37966 – Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37966
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Kerberos RC4-HMAC de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966 https://security.gentoo.org/glsa/202309-06 •
CVSS: 7.2EPSS: 5%CPEs: 14EXPL: 0CVE-2022-37967 – Windows Kerberos Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37967
Windows Kerberos Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Kerberos en Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 https://security.gentoo.org/glsa/202309-06 •
CVSS: 8.1EPSS: 2%CPEs: 14EXPL: 0CVE-2022-38023 – Netlogon RPC Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-38023
Netlogon RPC Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Netlogon RPC A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client and server to craft data with the same MD5 calculation and replace it without being detected. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023 https://security.gentoo.org/glsa/202309-06 https://access.redhat.com/security/cve/CVE-2022-38023 https://bugzilla.redhat.com/show_bug.cgi?id=2154362 • CWE-328: Use of Weak Hash •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36336 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-36336
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue. Una vulnerabilidad de seguimiento de enlaces en la función scanning de los agentes de Trend Micro Apex One y Worry-Free Business Security podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. La resolución de este problema se ha desplegado automáticamente por medio de ActiveUpdate a clientes con un patrón de Spyware actualizado. • https://success.trendmicro.com/solution/000291267 https://www.zerodayinitiative.com/advisories/ZDI-22-1033 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •