CVE-2022-26928 – Windows Photo Import API Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-26928
Windows Photo Import API Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Photo Import API • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26928 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-35837 – Windows Graphics Component Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-35837
Windows Graphics Component Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Windows Graphics Component. Este ID de CVE es diferente de CVE-2022-34728, CVE-2022-38006 • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35837 •
CVE-2022-37956 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37956
Windows Kernel Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Kernel. Este ID de CVE es diferente de CVE-2022-37957, CVE-2022-37964 The Windows Kernel suffers from integer overflow vulnerabilities in its registry subkey lists leading to memory corruption. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37956 •
CVE-2022-34303 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34303
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de Eurosoft versiones anteriores a 01-06-2022. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34303 https://bugzilla.redhat.com/show_bug.cgi?id=2120701 • CWE-494: Download of Code Without Integrity Check •
CVE-2022-34301 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de CryptoPro Secure Disk versiones anteriores a 01-06-2022. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34301 https://bugzilla.redhat.com/show_bug.cgi?id=2120699 • CWE-494: Download of Code Without Integrity Check •