CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24914 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-24914
11 Apr 2023 — Win32k Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24914 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-21769 – Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-21769
11 Apr 2023 — Microsoft Message Queuing Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21769 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2023-21729 – Remote Procedure Call Runtime Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-21729
11 Apr 2023 — Remote Procedure Call Runtime Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21729 • CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2023-21727 – Remote Procedure Call Runtime Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21727
11 Apr 2023 — Remote Procedure Call Runtime Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21727 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27497 – Multiple vulnerabilities in SAP Diagnostics Agent (EventLogServiceCollector)
https://notcve.org/view.php?id=CVE-2023-27497
11 Apr 2023 — Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. • https://launchpad.support.sap.com/#/notes/3305369 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-28267 – Remote Desktop Protocol Client Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28267
11 Apr 2023 — Remote Desktop Protocol Client Information Disclosure Vulnerability This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a remote desktop session to a host that has been compromised or otherwise under control of an attacker. The specific flaw exists within the Remote Desktop client. A crafted audio packet can trigger access to memory prior to initial... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28267 • CWE-126: Buffer Over-read •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 3CVE-2022-38604
https://notcve.org/view.php?id=CVE-2022-38604
11 Apr 2023 — Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability. • https://github.com/LucaBarile/CVE-2022-38604 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22282
https://notcve.org/view.php?id=CVE-2023-22282
11 Apr 2023 — WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. • https://jvn.jp/en/jp/JVN35246979 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.6EPSS: 0%CPEs: 15EXPL: 0CVE-2023-28227 – Windows Bluetooth Driver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-28227
11 Apr 2023 — Windows Bluetooth Driver Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specific flaw exists within the processing of BNEP packets. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28227 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0977
https://notcve.org/view.php?id=CVE-2023-0977
03 Apr 2023 — A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. • https://kcm.trellix.com/corporate/index?page=content&id=SB10396 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •