CVE-2023-24948 – Windows Bluetooth Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-24948
Windows Bluetooth Driver Elevation of Privilege Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specific flaw exists within the processing of AVDTP packets. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24948 • CWE-122: Heap-based Buffer Overflow •
CVE-2023-24946 – Windows Backup Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-24946
Windows Backup Service Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24946 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVE-2023-24945 – Windows iSCSI Target Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-24945
Windows iSCSI Target Service Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24945 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-24944 – Windows Bluetooth Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-24944
Windows Bluetooth Driver Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24944 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-24905 – Remote Desktop Client Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-24905
Remote Desktop Client Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24905 • CWE-284: Improper Access Control •