CVSS: 6.4EPSS: 30%CPEs: 12EXPL: 1CVE-2022-41049 – Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-41049
09 Nov 2022 — Windows Mark of the Web Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la característica de seguridad web de Windows Mark Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. • https://github.com/Nathan01110011/CVE-2022-41049-POC •
CVSS: 6.4EPSS: 5%CPEs: 12EXPL: 0CVE-2022-41091 – Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-41091
09 Nov 2022 — Windows Mark of the Web Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la característica de seguridad web de Windows Mark Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41091 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-41125 – Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41125
09 Nov 2022 — Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de Windows CNG Key Isolation Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41125 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 69%CPEs: 18EXPL: 0CVE-2022-41128 – Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41128
09 Nov 2022 — Windows Scripting Languages Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Windows Scripting Languages Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 1CVE-2022-41073 – Microsoft Windows Print Spooler Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41073
09 Nov 2022 — Windows Print Spooler Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en la Cola de Impresión de Windows Windows still suffers from issues related to the replacement of the system drive letter during impersonation. This can be abused to trick privilege processes to load configuration files and other resources from untrusted locations leading to elevation of privilege. Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-... • https://packetstorm.news/files/id/174528 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2022-41033 – Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41033
11 Oct 2022 — Windows COM+ Event System Service Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en system service de eventos COM+ de Windows Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41033 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 5%CPEs: 17EXPL: 1CVE-2022-37969 – Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-37969
13 Sep 2022 — Windows Common Log File System Driver Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Common Log File System Driver. Este ID de CVE es diferente de CVE-2022-35803 Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. • https://github.com/fortra/CVE-2022-37969 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 5%CPEs: 27EXPL: 0CVE-2022-35750 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-35750
18 Aug 2022 — Win32k Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of bitmap objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerab... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35750 •
CVSS: 8.8EPSS: 5%CPEs: 17EXPL: 0CVE-2022-35751 – Windows Hyper-V Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-35751
18 Aug 2022 — Windows Hyper-V Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the vhdmp.sys driver. The issue results from improper authorization logic when accessing VHD files. An attacker can leverage this vulnerability to escalate privileges and execute a... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35751 •
CVSS: 7.8EPSS: 9%CPEs: 19EXPL: 0CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-34713
09 Aug 2022 — Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Microsoft Windows Support Diagnostic Tool (MSDT). Este ID de CVE es diferente de CVE-2022-35743 A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713 •