Page 12 of 213 results (0.059 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. ... Se presenta una vulnerabilidad de elevación de privilegios en Windows cuando el controlador del modo kernel de Windows no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Win32k Elevation of Privilege Vulnerability". ... Microsoft Windows Kernel suffers from a TTF font processing win32k! • https://www.exploit-db.com/exploits/47484 http://packetstormsecurity.com/files/154797/Microsoft-Windows-Kernel-win32k.sys-TTF-Font-Processing-win32k-ulClearTypeFilter-Pool-Corruption.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1364 •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by preventing sandboxed processes from creating reparse points targeting inaccessible files. existe una vulnerabilidad de elevación de privilegios cuando los puntos de reanálisis son creados mediante procesos dentro del sandbox que permiten el escape de mismo, también se conoce como "Windows NTFS Elevation of Privilege Vulnerability". The NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn't support allowing a sandboxed application to set an arbitrary mount point symbolic link. • https://www.exploit-db.com/exploits/47306 http://packetstormsecurity.com/files/154192/Microsoft-Windows-SET_REPARSE_POINT_EX-Mount-Point-Security-Feature-Bypass.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1170 • CWE-862: Missing Authorization •

CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution. Windows GPU Display Driver de NVIDIA (todas las versiones) contiene una vulnerabilidad en los controladores DirectX, en la que un shader especialmente diseñado puede causar un acceso fuera de límites a una matriz temporal local de un shader, lo que puede conllevar a la denegación de servicio o la ejecución del código. • https://nvidia.custhelp.com/app/answers/detail/a_id/4841 https://support.lenovo.com/us/en/product_security/LEN-28096 https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0812 • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution. Windows GPU Display Driver de NVIDIA (todas las versiones) contiene una vulnerabilidad en los controladores DirectX, en la que un shader especialmente diseñado puede causar un acceso fuera de límites de una matriz de textura de entrada, lo que puede conllevar a la denegación de servicio o la ejecución del código. • http://www.vmware.com/security/advisories/VMSA-2019-0012.html https://nvidia.custhelp.com/app/answers/detail/a_id/4841 https://support.lenovo.com/us/en/product_security/LEN-28096 https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0779 • CWE-787: Out-of-bounds Write •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 3

An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. ... Se detectó un problema en el controlador versión 5.0.0.5 del Framework Biometric de Windows del U.are.U 4500 Fingerprint Reader de HID Global DigitalPersona (anteriormente Crossmatch). • https://github.com/sungjungk/fp-scanner-hacking https://www.youtube.com/watch?v=Grirez2xeas https://www.youtube.com/watch?v=wEXJDyEOatM • CWE-330: Use of Insufficiently Random Values •