12 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 96EXPL: 0

.NET and Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 • CWE-416: Use After Free •

CVSS: 5.0EPSS: 0%CPEs: 71EXPL: 0

.NET Framework Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21722 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 91%CPEs: 19EXPL: 3

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. Existe una vulnerabilidad de elevación de privilegios cuando el Windows Background Intelligent Transfer Service (BITS) maneja inapropiadamente los enlaces simbólicos, también se conoce como "Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability". Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges. • https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION https://github.com/yanghaoi/CVE-2020-0787 http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787 https://itm4n.github.io/cve-2020-0787-windows-bits-eop https://github.com/itm4n/BitsArbitraryFileMove https://attackerkb.com/assessments/e61cfec0-d766-4e7e-89f7-5aad2460afb8 https://googleprojectzero.blogspot.com/2018&# • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 86%CPEs: 6EXPL: 9

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. Existe una elevación de la vulnerabilidad de privilegios cuando el Servicio de implementación de Windows AppX (AppXSVC) maneja incorrectamente los enlaces físicos, también conocida como "Vulnerabilidad de Elevación Privilegios de Windows". El ID de este CVE es diferente de CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805 y CVE-2019-0836. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. • https://www.exploit-db.com/exploits/46976 https://www.exploit-db.com/exploits/46938 https://www.exploit-db.com/exploits/46683 https://www.exploit-db.com/exploits/47128 https://github.com/rogue-kdc/CVE-2019-0841 https://github.com/0x00-0x00/CVE-2019-0841-BYPASS https://github.com/likescam/CVE-2019-0841 https://github.com/mappl3/CVE-2019-0841 http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html http://packetstormsecurity.com • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 0

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. Existe una vulnerabilidad de ejecución remota de código en la forma en que el motor de scripting Chakra maneja los objetos en memoria en Microsoft Edge, también conocido como 'Vulnerabilidad de Corrupción de Memoria en el Motor de Scripting Chakra'. El ID de este CVE es diferente de CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860 y CVE-2019-0861. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0810 https://www.zerodayinitiative.com/advisories/ZDI-19-361 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •