CVE-2023-41766 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-41766
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Windows Client Server Run-Time Subsystem (CSRSS) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766 • CWE-426: Untrusted Search Path •
CVE-2023-41765 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41765
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Layer 2 Tunneling Protocol • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2023-36902 – Windows Runtime Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36902
Windows Runtime Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Windows Runtime Remote • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2023-35349 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35349
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Microsoft Message Queue • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349 • CWE-20: Improper Input Validation •
CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •