Page 135 of 2879 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

Windows UPnP Device Host Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de UPnP Device Host de Windows • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899 •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

Windows Event Tracing Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Event Tracing de Windows. Este ID de CVE es diferente de CVE-2021-26872, CVE-2021-26901 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26898 •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0

<p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p> <p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p> <p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

User Profile Service Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio del User Profile Service This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a junction, an attacker can abuse the service to overwrite the contents of a chosen file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26886 https://www.zerodayinitiative.com/advisories/ZDI-21-327 •

CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0

Windows Media Photo Codec Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información de Photo Codec de Windows Media • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26884 •