CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-23441 – Vba32 Antivirus v3.36.0 - Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2024-23441
Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. • https://fluidattacks.com/advisories/rollins https://www.anti-virus.by/vba32 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •
CVSS: 5.7EPSS: 0%CPEs: 7EXPL: 2CVE-2024-21306 – Microsoft Bluetooth Driver Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-21306
Microsoft Bluetooth Driver Spoofing Vulnerability Vulnerabilidad de suplantación de controladores Bluetooth de Microsoft • https://github.com/PhucHauDeveloper/BadBlue https://github.com/d4rks1d33/C-PoC-for-CVE-2024-21306 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21306 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 4%CPEs: 21EXPL: 1CVE-2023-36424 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36424
Windows Common Log File System Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del sistema de archivos de registro común de Windows. • https://github.com/Nassim-Asrir/CVE-2023-36424 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2023-41444
https://notcve.org/view.php?id=CVE-2023-41444
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. • https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 https://gist.github.com/dru1d-foofus/1af21179f253879f101c3a8d4f718bf0 https://github.com/magicsword-io/LOLDrivers/blob/main/yaml/d74fdf19-b4b0-4ec2-9c29-4213b064138b.yml • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2022-47631 – Razer Synapse Race Condition / DLL Hijacking
https://notcve.org/view.php?id=CVE-2022-47631
As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. ... Como resultado, los usuarios locales de Windows pueden abusar del instalador del controlador Razer para obtener privilegios administrativos en Windows. ... As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. • http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html http://seclists.org/fulldisclosure/2023/Sep/6 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-002.txt • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •