CVSS: 7.3EPSS: 0%CPEs: 11EXPL: 2CVE-2023-36003 – XAML Diagnostics Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36003
XAML Diagnostics Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de diagnóstico XAML • https://github.com/m417z/CVE-2023-36003-POC https://github.com/baph0m3th/CVE-2023-36003 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36003 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-21740 – Windows Media Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21740
Windows Media Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Windows Media • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21740 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-36011 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36011
Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36011 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-36696 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36696
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-24023 – kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
https://notcve.org/view.php?id=CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. Los dispositivos Bluetooth BR/EDR con emparejamiento simple seguro y emparejamiento de conexiones seguras en las especificaciones principales de Bluetooth 4.2 a 5.4 permiten ciertos ataques de intermediario que fuerzan una longitud de clave corta y pueden llevar al descubrimiento de la clave de cifrado y a la inyección en vivo, también conocido como BLUFFS. A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS. • https://dl.acm.org/doi/10.1145/3576915.3623066 https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability https://access.redhat.com/security/cve/CVE-2023-24023 https://bugzilla.redhat.com/show_bug.cgi?id=2254961 • CWE-300: Channel Accessible by Non-Endpoint •