CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-1018 – TPM2.0 vulnerable to out-of-bounds read
https://notcve.org/view.php?id=CVE-2023-1018
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. An out-of-bound read vulnerability was found in the TPM 2.0's Module Library, which allows the reading of 2-byte data after the end of the TPM command. This flaw allows an attacker to leak confidential data stored within the libtpms context. • https://kb.cert.org/vuls/id/782720 https://trustedcomputinggroup.org/about/security https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf https://access.redhat.com/security/cve/CVE-2023-1018 https://bugzilla.redhat.com/show_bug.cgi?id=2149420 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 27%CPEs: 28EXPL: 1CVE-2023-21823 – Microsoft Windows Graphic Component Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-21823
Windows Graphics Component Remote Code Execution Vulnerability Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation. • https://github.com/Elizarfish/CVE-2023-21823 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 28%CPEs: 28EXPL: 0CVE-2023-21692 – Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21692
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21692 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2023-21691 – Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-21691
Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21691 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 28%CPEs: 28EXPL: 0CVE-2023-21690 – Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21690
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21690 • CWE-122: Heap-based Buffer Overflow •