CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 1CVE-2024-38178 – Microsoft Windows Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2024-38178
Scripting Engine Memory Corruption Vulnerability Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL. • https://github.com/uixss/PoC-CVE-2024-38178 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38161 – Windows Mobile Broadband Driver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38161
Windows Mobile Broadband Driver Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38161 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38123 – Windows Bluetooth Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38123
Windows Bluetooth Driver Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38123 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38163 – Windows Update Stack Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38163
Windows Update Stack Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the WinREUpdateInstaller_2401B_amd64 installer. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38163 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 1CVE-2024-6768 – Denial of Service in CLFS.sys
https://notcve.org/view.php?id=CVE-2024-6768
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function. • https://github.com/fortra/CVE-2024-6768 https://www.fortra.com/security/advisories/research/fr-2024-001 • CWE-1284: Improper Validation of Specified Quantity in Input •