Windows 11 21H2 Security Vulnerabilities - 2023
When curl retrieves an HTTP response, it stores the incoming headers so thatthey can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it wouldaccept in a response, allowing a malicious server to stream an endless seriesof headers and...
7.5CVSS
7.5AI Score
0.011EPSS
7.8CVSS
7.9AI Score
0.001EPSS
5.5CVSS
5.9AI Score
0.0005EPSS
7.8CVSS
7.9AI Score
0.0005EPSS
7.8CVSS
8.4AI Score
0.0005EPSS
7.8CVSS
7.9AI Score
0.0005EPSS
7.8CVSS
7.9AI Score
0.0005EPSS
8.8CVSS
8.7AI Score
0.919EPSS
8.8CVSS
9AI Score
0.001EPSS
8.8CVSS
9AI Score
0.001EPSS
7.5CVSS
8.3AI Score
0.001EPSS
7.8CVSS
8AI Score
0.0005EPSS
7CVSS
6.8AI Score
0.0004EPSS
5.5CVSS
6.8AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.001EPSS
8.1CVSS
8.4AI Score
0.005EPSS
7.5CVSS
7.3AI Score
0.003EPSS
7.5CVSS
7.6AI Score
0.001EPSS
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
7.5CVSS
7.9AI Score
0.006EPSS
9.8CVSS
9.2AI Score
0.002EPSS
6.5CVSS
6.7AI Score
0.001EPSS
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes. If the host name is...
9.8CVSS
9.6AI Score
0.003EPSS
8.1CVSS
8.4AI Score
0.005EPSS
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
7.8CVSS
7.9AI Score
0.001EPSS
8.1CVSS
8.4AI Score
0.005EPSS
8.1CVSS
8.4AI Score
0.005EPSS
8.1CVSS
8.4AI Score
0.005EPSS
8.1CVSS
8.4AI Score
0.005EPSS
8.1CVSS
8.4AI Score
0.005EPSS
7.8CVSS
8AI Score
0.001EPSS
8.1CVSS
8.4AI Score
0.005EPSS
8.1CVSS
8.4AI Score
0.005EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.