CVSS: 5.6EPSS: 0%CPEs: 301EXPL: 1CVE-2023-20569 – amd: Return Address Predictor vulnerability leading to information disclosure
https://notcve.org/view.php?id=CVE-2023-20569
08 Aug 2023 — A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. Una vulnerabilidad de canal lateral en algunas de las CPU de AMD puede permitir que un atacante influya en la predicción de la dirección de retorno. Esto puede dar lugar a una ejecución especulativa en una dirección controlada por el atacante, lo que podría conducir a l... • http://www.openwall.com/lists/oss-security/2023/08/08/4 • CWE-203: Observable Discrepancy •
CVSS: 7.6EPSS: 17%CPEs: 15EXPL: 9CVE-2023-36884 – Microsoft Windows Search Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36884
11 Jul 2023 — Windows Search Remote Code Execution Vulnerability Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution. • https://github.com/jakabakos/CVE-2023-36884-MS-Office-HTML-RCE • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 2%CPEs: 10EXPL: 2CVE-2023-29360 – Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2023-29360
13 Jun 2023 — Microsoft Streaming Service Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the mskssrv driver. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this ... • https://github.com/0xDivyanshu-new/CVE-2023-29360 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-1017 – TPM2.0 vulnerable to out-of-bounds write
https://notcve.org/view.php?id=CVE-2023-1017
28 Feb 2023 — An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of... • https://kb.cert.org/vuls/id/782720 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-1018 – TPM2.0 vulnerable to out-of-bounds read
https://notcve.org/view.php?id=CVE-2023-1018
28 Feb 2023 — An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. An out-of-bound read vulnerability was found in the TPM 2.0's Module Library, which allows the reading of 2-byte data after the end of the TPM command. This flaw allows an attacker to leak confidential data stored within the libtpms... • https://kb.cert.org/vuls/id/782720 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1CVE-2023-21674 – Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-21674
10 Jan 2023 — Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de llamada a procedimiento local avanzado (ALPC) de Windows. Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. • https://github.com/hd3s5aa/CVE-2023-21674 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0CVE-2022-44698 – Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-44698
13 Dec 2022 — Windows SmartScreen Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la función de seguridad SmartScreen de Windows Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-41125 – Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41125
09 Nov 2022 — Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de Windows CNG Key Isolation Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41125 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 6%CPEs: 18EXPL: 0CVE-2022-41128 – Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41128
09 Nov 2022 — Windows Scripting Languages Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Windows Scripting Languages Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 1%CPEs: 12EXPL: 0CVE-2022-41091 – Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-41091
09 Nov 2022 — Windows Mark of the Web Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la característica de seguridad web de Windows Mark Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41091 • CWE-863: Incorrect Authorization •