CVE-2024-20654 – Microsoft ODBC Driver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20654
Microsoft ODBC Driver Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20654 • CWE-190: Integer Overflow or Wraparound
CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-20674
Windows Kerberos Security Feature Bypass Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674 • CWE-290: Authentication Bypass by Spoofing • CWE-305: Authentication Bypass by Primary Weakness
CVE-2024-20666 – BitLocker Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability • https://github.com/invaderslabs/CVE-2024-20666 • https://github.com/nnotwen/Script-For-CVE-2024-20666 • https://github.com/HYZ3K/CVE-2024-20666 • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666 • CWE-20: Improper Input Validation
CVE-2023-6407 – Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6407
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the deletePdfReportFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-35622 – Windows DNS Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-35622
Windows DNS Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35622