CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2021-26899 – Windows UPnP Device Host Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26899
Windows UPnP Device Host Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de UPnP Device Host de Windows • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899 •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2021-26898 – Windows Event Tracing Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26898
Windows Event Tracing Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Event Tracing de Windows. Este ID de CVE es diferente de CVE-2021-26872, CVE-2021-26901 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26898 •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-26887 – Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26887
<p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p> <p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p> <p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2021-26886 – User Profile Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-26886
User Profile Service Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio del User Profile Service This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a junction, an attacker can abuse the service to overwrite the contents of a chosen file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26886 https://www.zerodayinitiative.com/advisories/ZDI-21-327 •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-26884 – Windows Media Photo Codec Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-26884
Windows Media Photo Codec Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información de Photo Codec de Windows Media • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26884 •