CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20700
Windows Hyper-V Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Windows Hyper-V • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2024-20698 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-20698
Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows • https://github.com/RomanRybachek/CVE-2024-20698 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20698 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 1CVE-2024-20696 – Windows libarchive Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20696
Windows Libarchive Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Windows Libarchive Windows libarchive Remote Code Execution Vulnerability • https://github.com/clearbluejar/CVE-2024-20696 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696 https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20694 – Windows CoreMessaging Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20694
Windows CoreMessaging Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Windows CoreMessaging • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20694 • CWE-668: Exposure of Resource to Wrong Sphere CWE-908: Use of Uninitialized Resource •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-24023 – kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
https://notcve.org/view.php?id=CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. Los dispositivos Bluetooth BR/EDR con emparejamiento simple seguro y emparejamiento de conexiones seguras en las especificaciones principales de Bluetooth 4.2 a 5.4 permiten ciertos ataques de intermediario que fuerzan una longitud de clave corta y pueden llevar al descubrimiento de la clave de cifrado y a la inyección en vivo, también conocido como BLUFFS. A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS. • https://dl.acm.org/doi/10.1145/3576915.3623066 https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability https://access.redhat.com/security/cve/CVE-2023-24023 https://bugzilla.redhat.com/show_bug.cgi?id=2254961 • CWE-300: Channel Accessible by Non-Endpoint •