CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-20674
Windows Kerberos Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la función de seguridad Kerberos de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674 • CWE-290: Authentication Bypass by Spoofing CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.6EPSS: 0%CPEs: 16EXPL: 3CVE-2024-20666 – BitLocker Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la característica de seguridad de BitLocker • https://github.com/invaderslabs/CVE-2024-20666 https://github.com/nnotwen/Script-For-CVE-2024-20666 https://github.com/HYZ3K/CVE-2024-20666 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-44684 – Windows Local Session Manager (LSM) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-44684
Windows Local Session Manager (LSM) Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de Windows Local Session Manager (LSM) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44684 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6407 – Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6407
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. Existe una vulnerabilidad CWE-22: limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") que podría causar la eliminación arbitraria de archivos al reiniciar el servicio cuando un atacante local y con pocos privilegios accede a él. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the deletePdfReportFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-35632 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35632
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Controlador de función auxiliar de Windows para la vulnerabilidad de elevación de privilegios de WinSock • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35632 • CWE-190: Integer Overflow or Wraparound •