CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-31954 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31954
Windows Common Log File System Driver Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios en Windows Common Log File System Driver This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the clfs.sys driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31954 https://www.zerodayinitiative.com/advisories/ZDI-21-668 • CWE-122: Heap-based Buffer Overflow CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-31953 – Windows Filter Manager Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31953
Windows Filter Manager Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios en Windows Filter Manager • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31953 •
CVSS: 6.5EPSS: 0%CPEs: 36EXPL: 0CVE-2021-26414 – Windows DCOM Server Security Feature Bypass
https://notcve.org/view.php?id=CVE-2021-26414
Windows DCOM Server Security Feature Bypass Omisión de la Funcionalidad de Seguridad en Windows DCOM Server Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS. • http://packetstormsecurity.com/files/163206/Windows-Kerberos-AppContainer-Enterprise-Authentication-Capability-Bypass.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414 •
CVSS: 9.3EPSS: 96%CPEs: 16EXPL: 31CVE-2021-1675 – Microsoft Windows Print Spooler Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1675
Windows Print Spooler Remote Code Execution Vulnerability Una vulnerabilidad de Escalada de Privilegios de Windows Print Spooler Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. • https://github.com/afwu/PrintNightmare https://github.com/cube0x0/CVE-2021-1675 https://github.com/calebstewart/CVE-2021-1675 https://github.com/hlldz/CVE-2021-1675-LPE https://github.com/LaresLLC/CVE-2021-1675 https://github.com/evilashz/CVE-2021-1675-LPE-EXP https://github.com/corelight/CVE-2021-1675 https://github.com/Leonidus0x10/CVE-2021-1675-SCANNER https://github.com/exploitblizzard/PrintNightmare-CVE-2021-1675 https://github.com/puckiestyle/CVE-2021-1675 https:// •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2021-31194 – OLE Automation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31194
OLE Automation Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de OLE Automation • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31194 •