CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-38171 – Microsoft QUIC Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-38171
10 Oct 2023 — Microsoft QUIC Denial of Service Vulnerability Vulnerabilidad de denegación de servicio en Microsoft QUIC • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-36902 – Windows Runtime Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36902
10 Oct 2023 — Windows Runtime Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Windows Runtime Remote • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2023-35349 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35349
10 Oct 2023 — Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Microsoft Message Queue • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 80%CPEs: 444EXPL: 16CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 12EXPL: 2CVE-2023-38039 – curl: out of heap memory issue due to missing limit on header quantity
https://notcve.org/view.php?id=CVE-2023-38039
13 Sep 2023 — When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. Cuando curl recupera una respuesta HTTP, almacena los encabezados entrantes para que se pueda acceder a ellos más tarde a través de la API de encabezados libcur... • https://github.com/Smartkeyss/CVE-2023-38039 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-38160 – Windows TCP/IP Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38160
12 Sep 2023 — Windows TCP/IP Information Disclosure Vulnerability Vulnerabilidad de Divulgación de Información TCP/IP de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38160 • CWE-416: Use After Free CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 5CVE-2023-36802 – Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-36802
12 Sep 2023 — Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios del Proxy del Servicio de Microsoft Streaming Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. • https://github.com/ISH2YU/CVE-2023-36802 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2023-36803 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-36803
12 Sep 2023 — Windows Kernel Information Disclosure Vulnerability Vulnerabilidad de Divulgación de Información del Kernel de Windows The Microsoft Windows Kernel suffers from out-of-bounds reads and paged pool memory disclosure in VrpUpdateKeyInformation. • https://packetstorm.news/files/id/175109 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-36804 – Windows GDI Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36804
12 Sep 2023 — Windows GDI Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios de Windows GDI This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of validating the existence of an object prior to performing operations... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36804 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-36805 – Windows MSHTML Platform Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-36805
12 Sep 2023 — Windows MSHTML Platform Security Feature Bypass Vulnerability Vulnerabilidad de Omisión de la Característica de Seguridad de la Plataforma MSHTML de Windows This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of certain image file types that can load scripts. Under li... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36805 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •