CVSS: 7.5EPSS: 32%CPEs: 54EXPL: 0CVE-2020-0878 – Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-0878
<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2020-0837 – ADFS MFA Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0837
<p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors.</p> <p>To exploit this vulnerability, an attacker could send a specially crafted authentication request.</p> <p>This security update corrects how ADFS handles multi-factor authentication requests.</p> Se presenta una vulnerabilidad de suplantación cuando Active Directory Federation Services (ADFS) maneja inapropiadamente peticiones de autenticación de múltiples factores. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0837 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-0839 – Windows dnsrslvr.dll Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0839
<p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.</p> Se presenta una vulnerabilidad de escalada de privilegios en la manera en que la biblioteca dnsrslvr.dll maneja objetos en memoria, también se conoce como "Windows dnsrslvr.dll Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0839 •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-0838 – NTFS Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0838
<p>An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how NTFS checks access.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando NTFS comprueba el acceso inapropiadamente, también se conoce como "NTFS Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0838 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-0805 – Projected Filesystem Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-0805
<p>A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by correcting how Windows Projected Filesystem handle file redirections. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0805 •