Page 87 of 598 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

Windows Kernel Elevation of Privilege Vulnerability This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of relocation tables in PE files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when performing a bounds check before reading from memory. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24949 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.6EPSS: 0%CPEs: 11EXPL: 0

Windows Bluetooth Driver Elevation of Privilege Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specific flaw exists within the processing of AVDTP packets. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24948 • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

Windows Bluetooth Driver Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24947 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

Windows Backup Service Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24946 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0

Windows iSCSI Target Service Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24945 • CWE-190: Integer Overflow or Wraparound •