CVE-2023-23394 – Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-23394
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23394 • CWE-668: Exposure of Resource to Wrong Sphere CWE-822: Untrusted Pointer Dereference •
CVE-2023-23388 – Windows Bluetooth Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-23388
Windows Bluetooth Driver Elevation of Privilege Vulnerability • https://github.com/ynwarcs/CVE-2023-23388 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23388 • CWE-681: Incorrect Conversion between Numeric Types •
CVE-2023-23385 – Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-23385
Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23385 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-1017 – TPM2.0 vulnerable to out-of-bounds write
https://notcve.org/view.php?id=CVE-2023-1017
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope. • https://kb.cert.org/vuls/id/782720 https://trustedcomputinggroup.org/about/security https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf https://access.redhat.com/security/cve/CVE-2023-1017 https://bugzilla.redhat.com/show_bug.cgi?id=2149416 • CWE-787: Out-of-bounds Write •
CVE-2023-1018 – TPM2.0 vulnerable to out-of-bounds read
https://notcve.org/view.php?id=CVE-2023-1018
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. An out-of-bound read vulnerability was found in the TPM 2.0's Module Library, which allows the reading of 2-byte data after the end of the TPM command. This flaw allows an attacker to leak confidential data stored within the libtpms context. • https://kb.cert.org/vuls/id/782720 https://trustedcomputinggroup.org/about/security https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf https://access.redhat.com/security/cve/CVE-2023-1018 https://bugzilla.redhat.com/show_bug.cgi?id=2149420 • CWE-125: Out-of-bounds Read •