CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21310 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21310
09 Jan 2024 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Only systems with long Win32 path support enabled are affected. The specific flaw... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21310 • CWE-197: Numeric Truncation Error •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-20692 – Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20692
09 Jan 2024 — Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Vulnerabilidad de divulgación de información del servicio del subsistema de la autoridad de seguridad local de Microsoft • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20692 • CWE-326: Inadequate Encryption Strength CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-21316 – Windows Server Key Distribution Service Security Feature Bypass
https://notcve.org/view.php?id=CVE-2024-21316
09 Jan 2024 — Windows Server Key Distribution Service Security Feature Bypass Omisión de la función de seguridad del servicio de distribución de claves de Windows Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21316 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2024-21313 – Windows TCP/IP Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21313
09 Jan 2024 — Windows TCP/IP Information Disclosure Vulnerability Vulnerabilidad de divulgación de información TCP/IP de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21313 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.6EPSS: 0%CPEs: 14EXPL: 0CVE-2024-21307 – Remote Desktop Client Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21307
09 Jan 2024 — Remote Desktop Client Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del cliente de escritorio remoto • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21307 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 1CVE-2024-21305 – Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-21305
09 Jan 2024 — Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la característica de seguridad de Hypervisor-Protected Code Integrity (HVCI) This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root p... • https://github.com/tandasat/CVE-2024-21305 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20700
09 Jan 2024 — Windows Hyper-V Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Windows Hyper-V • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2024-20698 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-20698
09 Jan 2024 — Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows • https://github.com/RomanRybachek/CVE-2024-20698 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 1CVE-2024-20696 – Windows libarchive Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20696
09 Jan 2024 — Windows Libarchive Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Windows Libarchive Windows libarchive Remote Code Execution Vulnerability It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://github.com/clearbluejar/CVE-2024-20696 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20694 – Windows CoreMessaging Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20694
09 Jan 2024 — Windows CoreMessaging Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Windows CoreMessaging • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20694 • CWE-668: Exposure of Resource to Wrong Sphere CWE-908: Use of Uninitialized Resource •