CVSS: 5.5EPSS: 22%CPEs: 4EXPL: 2CVE-2024-26160 – Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-26160
12 Mar 2024 — Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Vulnerabilidad de divulgación de información del controlador del minifiltro de archivos en la nube de Windows • https://github.com/0x00Alchemist/CVE-2024-26160 • CWE-126: Buffer Over-read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-23441 – Vba32 Antivirus v3.36.0 - Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2024-23441
29 Jan 2024 — Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. • https://fluidattacks.com/advisories/rollins • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 41%CPEs: 7EXPL: 3CVE-2024-21306 – Microsoft Bluetooth Driver Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-21306
09 Jan 2024 — Microsoft Bluetooth Driver Spoofing Vulnerability Vulnerabilidad de suplantación de controladores Bluetooth de Microsoft • https://github.com/PhucHauDeveloper/BadBlue • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 17%CPEs: 21EXPL: 2CVE-2023-36424 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36424
14 Nov 2023 — Windows Common Log File System Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del sistema de archivos de registro común de Windows. • https://github.com/Nassim-Asrir/CVE-2023-36424 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2023-41444
https://notcve.org/view.php?id=CVE-2023-41444
28 Sep 2023 — An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. • https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 4CVE-2022-47631 – Razer Synapse Race Condition / DLL Hijacking
https://notcve.org/view.php?id=CVE-2022-47631
14 Sep 2023 — As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. ... Como resultado, los usuarios locales de Windows pueden abusar del instalador del controlador Razer para obtener privilegios administrativos en Windows. ... As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. • https://packetstorm.news/files/id/174696 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2022-45451
https://notcve.org/view.php?id=CVE-2022-45451
31 Aug 2023 — Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984. • https://github.com/alfarom256/CVE-2022-45451 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 6%CPEs: 4EXPL: 2CVE-2023-20562 –
https://notcve.org/view.php?id=CVE-2023-20562
08 Aug 2023 — Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. • https://github.com/zeze-zeze/HITCON-2023-Demo-CVE-2023-20562 •
CVSS: 8.8EPSS: 11%CPEs: 16EXPL: 1CVE-2023-36900 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36900
08 Aug 2023 — Windows Common Log File System Driver Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the clfs.sys driver. • https://github.com/RomanRybachek/CVE-2023-36900 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35863
https://notcve.org/view.php?id=CVE-2023-35863
05 Jul 2023 — In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. • https://ctrl-c.club/~blue/nfsdk.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •