
CVE-2024-30085 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30085
11 Jun 2024 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cldflt kernel ... • https://packetstorm.news/files/id/189962 • CWE-122: Heap-based Buffer Overflow •

CVE-2024-35250 – Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2024-35250
11 Jun 2024 — Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador en modo kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. • https://packetstorm.news/files/id/182984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •

CVE-2024-30078 – Windows Wi-Fi Driver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30078
11 Jun 2024 — Windows Wi-Fi Driver Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del controlador Wi-Fi de Windows • https://github.com/lvyitian/CVE-2024-30078- • CWE-20: Improper Input Validation •

CVE-2024-30002 – Windows Mobile Broadband Driver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30002
14 May 2024 — Windows Mobile Broadband Driver Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del controlador de banda ancha de Windows Mobile • https://github.com/EQSTSeminar/git_rce • CWE-20: Improper Input Validation •

CVE-2024-26160 – Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-26160
12 Mar 2024 — Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Vulnerabilidad de divulgación de información del controlador del minifiltro de archivos en la nube de Windows • https://github.com/0x00Alchemist/CVE-2024-26160 • CWE-126: Buffer Over-read •

CVE-2024-23441 – Vba32 Antivirus v3.36.0 - Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2024-23441
29 Jan 2024 — Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. • https://fluidattacks.com/advisories/rollins • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •

CVE-2024-21306 – Microsoft Bluetooth Driver Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-21306
09 Jan 2024 — Microsoft Bluetooth Driver Spoofing Vulnerability Vulnerabilidad de suplantación de controladores Bluetooth de Microsoft • https://github.com/PhucHauDeveloper/BadBlue • CWE-306: Missing Authentication for Critical Function •

CVE-2023-36424 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36424
14 Nov 2023 — Windows Common Log File System Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del sistema de archivos de registro común de Windows. • https://github.com/Nassim-Asrir/CVE-2023-36424 • CWE-125: Out-of-bounds Read •

CVE-2023-41444
https://notcve.org/view.php?id=CVE-2023-41444
28 Sep 2023 — An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. • https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-47631 – Razer Synapse Race Condition / DLL Hijacking
https://notcve.org/view.php?id=CVE-2022-47631
14 Sep 2023 — As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. ... Como resultado, los usuarios locales de Windows pueden abusar del instalador del controlador Razer para obtener privilegios administrativos en Windows. ... As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. • https://packetstorm.news/files/id/174696 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •