CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-0914 – Windows State Repository Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-0914
<p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Se presenta una vulnerabilidad de divulgación de información cuando el Windows State Repository Service maneja inapropiadamente objetos en memoria, también se conoce como "Windows State Repository Service Information Disclosure Vulnerability" This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0914 •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-0886 – Windows Storage Services Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0886
<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0886 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-1471 – Windows CloudExperienceHost Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1471
<p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p> <p>The security update addresses the vulnerability by checking COM objects.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando Microsoft Windows CloudExperienceHost se presenta un fallo al comprobar los objetos COM, también se conoce como "Windows CloudExperienceHost Elevation of Privilege Vulnerability' The CloundExperienceHostBroker hosts unsafe COM objects accessible to a normal user leading to elevation of privilege. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1471 •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-1587 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1587
An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Ancillary Function Driver for WinSock handles memory. Se presenta una vulnerabilidad de elevación de privilegios cuando el Windows Ancillary Function Driver para WinSock maneja inapropiadamente la memoria. Para explotar esta vulnerabilidad, un atacante primero tendría que conseguir una ejecución en el sistema víctima, también se conoce como "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1587 •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2020-1584 – Windows dnsrslvr.dll Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1584
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory. Se presenta una vulnerabilidad de elevación de privilegios en la manera en que la biblioteca dnsrslvr.dll maneja objetos en memoria, también se conoce como "Windows dnsrslvr.dll Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1584 •