
CVSS: 7.8 • EPSS: 0% • CPEs: 14 • EXPL: 0

10 Oct 2023 — Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766 • CWE-426: Untrusted Search Path

CVSS: 8.1 • EPSS: 0% • CPEs: 14 • EXPL: 0

10 Oct 2023 — Layer 2 Tunneling Protocol Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'); CWE-416: Use After Free

CVSS: 7.0 • EPSS: 0% • CPEs: 9 • EXPL: 0

10 Oct 2023 — Windows Runtime Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'); CWE-416: Use After Free

CVSS: 10.0 • EPSS: 0% • CPEs: 14 • EXPL: 0

10 Oct 2023 — Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 80% • CPEs: 444 • EXPL: 16

10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption

CVSS: 5.5 • EPSS: 0% • CPEs: 16 • EXPL: 0

12 Sep 2023 — Windows TCP/IP Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38160 • CWE-416: Use After Free; CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 1

12 Sep 2023 — Windows Kernel Information Disclosure Vulnerability. The Microsoft Windows Kernel suffers from out-of-bounds reads and paged pool memory disclosure in VrpUpdateKeyInformation. • https://packetstorm.news/files/id/175109 • CWE-125: Out-of-bounds Read; CWE-126: Buffer Over-read

CVSS: 8.8 • EPSS: 0% • CPEs: 14 • EXPL: 0

12 Sep 2023 — Windows GDI Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of validating the existence of an object prior to performing operations... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36804 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 11 • EXPL: 0

12 Sep 2023 — Windows MSHTML Platform Security Feature Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of certain image file types that can load scripts. Under li... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36805 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 16 • EXPL: 1

12 Sep 2023 — Windows Kernel Elevation of Privilege Vulnerability. The Microsoft Windows kernel does not reset security cache during self-healing, leading to refcount overflow and use-after-free conditions. • https://packetstorm.news/files/id/174849 • CWE-416: Use After Free