GHSA-M3C4-PRHW-MRX6 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
Summary: A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing for...
X.org XFIXES Information Disclosure Vulnerability
X.org XFIXES is a Windows system extension from the X.org Foundation. An information disclosure vulnerability exists in X.org XFIXES that stems from an unvalidated request length that could result in reading unexpected memory...
A vulnerability in the Azure Network Watcher VM Extension for Windows operating systems allows an attacker to escalate their privileges.
The vulnerability in the Azure Network Watcher VM Extension for Windows operating systems stems from improper link resolution before file access. Exploiting this vulnerability can allow attackers to increase their privileges...
CVE-2023-21683
Windows Internet Key Exchange IKE Extension Denial of Service Vulnerability...
A vulnerability in the Windows IKE extension of the Windows operating system allows an attacker to trigger a service failure.
The vulnerability in the Windows IKE extension in the Windows operating system is related to improper cleanup or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
PT-2022-1494 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)
Description: The issue is related to the incorrect clearing or release of resources in the Windows IKE extension, which can lead to a denial-of-service condition. This can be exploited by a remote...