CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38160 – Windows Network Virtualization Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38160
Windows Network Virtualization Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38160 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38159 – Windows Network Virtualization Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38159
Windows Network Virtualization Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38159 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38123 – Windows Bluetooth Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38123
Windows Bluetooth Driver Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38123 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38163 – Windows Update Stack Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38163
Windows Update Stack Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the WinREUpdateInstaller_2401B_amd64 installer. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38163 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 1CVE-2024-6768 – Denial of Service in CLFS.sys
https://notcve.org/view.php?id=CVE-2024-6768
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function. • https://github.com/fortra/CVE-2024-6768 https://www.fortra.com/security/advisories/research/fr-2024-001 • CWE-1284: Improper Validation of Specified Quantity in Input •