CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-0782 – Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0782
<p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The security update addresses the vulnerability by addressing how the Windows Cryptographic Catalog Services handle objects in memory. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0782 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-0766 – Microsoft Store Runtime Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0766
<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Microsoft Store Runtime handles memory.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando Microsoft Store Runtime maneja inapropiadamente la memoria. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0766 •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 0CVE-2020-0761 – Active Directory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-0761
<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account</p> <p>To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server.</p> <p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p> Se presenta una vulnerabilidad de ejecución de código remota cuando Active Directory integrated DNS (ADIDNS) maneja inapropiadamente objetos en memoria, también se conoce como "Active Directory Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2020-0718 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0761 •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 0CVE-2020-0718 – Active Directory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-0718
<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account</p> <p>To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server.</p> <p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p> Se presenta una vulnerabilidad de ejecución de código remota cuando Active Directory integrated DNS (ADIDNS) maneja inapropiadamente objetos en memoria, también se conoce como "Active Directory Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2020-0761 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0718 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-0664 – Active Directory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-0664
<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.</p> <p>To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0664 •