CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-21542 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-21542
10 Jan 2023 — Windows Installer Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del instalador de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. By creating a junction, an attacker can abuse the service to create files in a... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21542 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-269: Improper Privilege Management CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.1EPSS: 1%CPEs: 31EXPL: 0CVE-2023-21543 – Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21543
10 Jan 2023 — Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del protocolo de túnel de capa 2 de Windows (L2TP) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21543 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 31EXPL: 0CVE-2023-21546 – Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21546
10 Jan 2023 — Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del protocolo de túnel de capa 2 de Windows (L2TP) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21546 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVSS: 8.1EPSS: 0%CPEs: 31EXPL: 0CVE-2023-21548 – Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21548
10 Jan 2023 — Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del protocolo de túnel de socket seguro (SSTP) de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21548 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVSS: 9.0EPSS: 2%CPEs: 26EXPL: 0CVE-2023-21549 – Windows SMB Witness Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-21549
10 Jan 2023 — Windows SMB Witness Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio testigo de SMB de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21549 • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 1%CPEs: 31EXPL: 0CVE-2023-21552 – Windows GDI Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-21552
10 Jan 2023 — Windows GDI Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Windows GDI • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21552 • CWE-269: Improper Privilege Management CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 31EXPL: 0CVE-2023-21555 – Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21555
10 Jan 2023 — Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del protocolo de túnel de capa 2 de Windows (L2TP) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21555 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 31EXPL: 0CVE-2023-21556 – Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21556
10 Jan 2023 — Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del protocolo de túnel de capa 2 de Windows (L2TP) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21556 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.1EPSS: 0%CPEs: 31EXPL: 0CVE-2023-21557 – Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-21557
10 Jan 2023 — Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Vulnerabilidad de denegación de servicio del Protocolo ligero de acceso a directorios (LDAP) de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21557 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-21558 – Windows Error Reporting Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-21558
10 Jan 2023 — Windows Error Reporting Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de informes de errores de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21558 • CWE-20: Improper Input Validation •