CVSS: 8.8EPSS: 26%CPEs: 17EXPL: 2CVE-2024-49039 – Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-49039
12 Nov 2024 — Windows Task Scheduler Elevation of Privilege Vulnerability Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions. • https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039 • CWE-287: Improper Authentication •
CVSS: 6.2EPSS: 0%CPEs: 26EXPL: 0CVE-2024-38203 – Windows Package Library Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38203
12 Nov 2024 — Windows Package Library Manager Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38203 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 1CVE-2024-43641 – Windows Registry Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-43641
12 Nov 2024 — Windows Registry Elevation of Privilege Vulnerability The Microsoft Windows kernel registry security descriptor refcount may overflow when referenced by too many transacted operations. • https://packetstorm.news/files/id/183018 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2024-43636 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-43636
12 Nov 2024 — Win32k Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43636 • CWE-822: Untrusted Pointer Dereference •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2024-43635 – Windows Telephony Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43635
12 Nov 2024 — Windows Telephony Service Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43635 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2024-43622 – Windows Telephony Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43622
12 Nov 2024 — Windows Telephony Service Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43622 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2024-43621 – Windows Telephony Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43621
12 Nov 2024 — Windows Telephony Service Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43621 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2024-43620 – Windows Telephony Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43620
12 Nov 2024 — Windows Telephony Service Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43620 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2024-49046 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-49046
12 Nov 2024 — Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49046 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 90%CPEs: 24EXPL: 1CVE-2024-43451 – Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-43451
12 Nov 2024 — NTLM Hash Disclosure Spoofing Vulnerability Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user. • https://github.com/RonF98/CVE-2024-43451-POC • CWE-73: External Control of File Name or Path •