CVE-2023-0400

HIGH Year: 2023
CVSS v3 Score
8.2
High
Weakness Type
CWE-670
View all →

Vulnerability Description

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

Related Vulnerabilities

CVE-2023-1668

HIGH
CVSS:8.2(High)

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel ...

CWE-6702023

CVE-2024-52811

HIGH
CVSS:8.2(High)

The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_r...

CWE-6702024

CVE-2024-32896

HIGH
CVSS:8.1(High)

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for expl...

CWE-6702024

CVE-2017-0604

HIGH
CVSS:7.8(High)

An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated a...

CWE-6702017

CVE-2020-25603

HIGH
CVSS:7.8(High)

An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the p...

CWE-6702020

CVE-2023-20915

HIGH
CVSS:7.8(High)

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalat...

CWE-6702023