CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-1018 – TPM2.0 vulnerable to out-of-bounds read
https://notcve.org/view.php?id=CVE-2023-1018
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. An out-of-bound read vulnerability was found in the TPM 2.0's Module Library, which allows the reading of 2-byte data after the end of the TPM command. This flaw allows an attacker to leak confidential data stored within the libtpms context. • https://kb.cert.org/vuls/id/782720 https://trustedcomputinggroup.org/about/security https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf https://access.redhat.com/security/cve/CVE-2023-1018 https://bugzilla.redhat.com/show_bug.cgi?id=2149420 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1CVE-2023-21674 – Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-21674
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de llamada a procedimiento local avanzado (ALPC) de Windows. Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. • https://github.com/hd3s5aa/CVE-2023-21674 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21674 • CWE-416: Use After Free •
CVSS: 5.4EPSS: 2%CPEs: 10EXPL: 0CVE-2022-44698 – Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-44698
Windows SmartScreen Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la función de seguridad SmartScreen de Windows Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-41073 – Microsoft Windows Print Spooler Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41073
Windows Print Spooler Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en la Cola de Impresión de Windows Windows still suffers from issues related to the replacement of the system drive letter during impersonation. This can be abused to trick privilege processes to load configuration files and other resources from untrusted locations leading to elevation of privilege. Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. • http://packetstormsecurity.com/files/174528/Microsoft-Windows-Privilege-Escalation.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41073 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-41125 – Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41125
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de Windows CNG Key Isolation Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41125 • CWE-787: Out-of-bounds Write •