Page 2 of 231 results (0.105 seconds)

CVSS: 7.8EPSS: 56%CPEs: 9EXPL: 3

11 Jun 2024 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cldflt kernel ... • https://packetstorm.news/files/id/189962 • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: 52%CPEs: 17EXPL: 7

11 Jun 2024 — Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador en modo kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. • https://packetstorm.news/files/id/182984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •

CVSS: 8.8EPSS: 13%CPEs: 17EXPL: 4

11 Jun 2024 — Windows Wi-Fi Driver Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del controlador Wi-Fi de Windows • https://github.com/lvyitian/CVE-2024-30078- • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 1

14 May 2024 — Windows Mobile Broadband Driver Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del controlador de banda ancha de Windows Mobile • https://github.com/EQSTSeminar/git_rce • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 36%CPEs: 4EXPL: 2

12 Mar 2024 — Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Vulnerabilidad de divulgación de información del controlador del minifiltro de archivos en la nube de Windows • https://github.com/0x00Alchemist/CVE-2024-26160 • CWE-126: Buffer Over-read •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

29 Jan 2024 — Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. • https://fluidattacks.com/advisories/rollins • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •

CVSS: 6.1EPSS: 28%CPEs: 7EXPL: 3

09 Jan 2024 — Microsoft Bluetooth Driver Spoofing Vulnerability Vulnerabilidad de suplantación de controladores Bluetooth de Microsoft • https://github.com/PhucHauDeveloper/BadBlue • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.8EPSS: 17%CPEs: 21EXPL: 2

14 Nov 2023 — Windows Common Log File System Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del sistema de archivos de registro común de Windows. • https://github.com/Nassim-Asrir/CVE-2023-36424 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3

28 Sep 2023 — An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. • https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 4

14 Sep 2023 — As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. ... Como resultado, los usuarios locales de Windows pueden abusar del instalador del controlador Razer para obtener privilegios administrativos en Windows. ... As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. • https://packetstorm.news/files/id/174696 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •