CVSS: 9.3EPSS: 5%CPEs: 20EXPL: 0CVE-2020-1339 – Windows Media Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1339
17 Aug 2020 — A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. Se present... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1339 •
CVSS: 9.3EPSS: 5%CPEs: 22EXPL: 0CVE-2020-1046 – .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1046
17 Aug 2020 — A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input. Se presenta una vulnerabilidad de ejecución de código remota cuando Microsoft .NET Framework procesa ... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046 •
CVSS: 8.8EPSS: 6%CPEs: 20EXPL: 0CVE-2020-1492 – Media Foundation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-1492
14 Aug 2020 — A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by corre... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1492 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 20EXPL: 1CVE-2020-1509 – Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1509
13 Aug 2020 — An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. Se presenta una vulnerabilidad de elevación de privilegi... • https://packetstorm.news/files/id/158865 •
CVSS: 7.8EPSS: 8%CPEs: 21EXPL: 0CVE-2020-1577 – DirectWrite Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-1577
13 Aug 2020 — An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1577 •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-1520 – Windows Font Driver Host Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1520
13 Aug 2020 — A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. Se presenta una vulnerabilidad de ejecución de código remota cuando el Windows Font Driver Host maneja inapropiadamente la memoria. Un atacante que explotara con éxito la vulnerabilidad podría cons... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1520 •
CVSS: 7.8EPSS: 59%CPEs: 20EXPL: 9CVE-2020-1337 – Windows Print Spooler Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1337
13 Aug 2020 — An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. ... • https://packetstorm.news/files/id/160993 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 20%CPEs: 20EXPL: 0CVE-2020-1468
https://notcve.org/view.php?id=CVE-2020-1468
14 Jul 2020 — An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Se presenta una vulnerabilidad de divulgación de información cuando el componente Windows GDI divulga inapropiadamente el contenido de su memoria, también se conoce como "Windows GDI Information Disclosure Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1468 •
CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0CVE-2020-1461
https://notcve.org/view.php?id=CVE-2020-1461
14 Jul 2020 — An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios cuando el archivo MpSigStub.exe para Defender permite una eliminación de archivos en ubicaciones arbitrarias. Para explotar la vulnerabilidad, un atacante primero debe iniciar ses... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461 •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2020-1438
https://notcve.org/view.php?id=CVE-2020-1438
14 Jul 2020 — An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428. Se presenta una vulnerabilidad de elevación de privilegios en la manera en que el Windows Network Connections Service maneja objetos en memoria, también se conoce como "Windows Network Connections Service Elevation ... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1438 •