CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2020-0915 – Microsoft Windows splwow64 Untrusted Pointer Dereference Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-0915
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916. Se presenta una vulnerabilidad de elevación de privilegios en la manera en que Windows Graphics Device Interface (GDI) maneja objetos en memoria, también se conoce como "Windows GDI Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-0916 This vulnerability allows local attackers to disclose information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode printer driver host process splwow64.exe. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0915 •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2020-0916 – Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-0916
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0915. Se presenta una vulnerabilidad de elevación de privilegios en la manera en que Windows Graphics Device Interface (GDI) maneja objetos en memoria, también se conoce como "Windows GDI Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-0915 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode printer driver host process splwow64.exe. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0916 •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2020-0986 – Microsoft Windows Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-0986
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. Se presenta una vulnerabilidad de elevación de privilegios cuando el kernel de Windows presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como "Windows Kernel Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE- 2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode printer driver host process splwow64.exe. • http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 23EXPL: 0CVE-2020-1113 – Microsoft Windows Task Scheduler Security Feature Bypass
https://notcve.org/view.php?id=CVE-2020-1113
A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'. Se presenta una vulnerabilidad de omisión de la característica de seguridad en Microsoft Windows cuando el servicio Task Scheduler presenta un fallo al verificar apropiadamente las conexiones del cliente por medio de una RPC, también se conoce como "Windows Task Scheduler Security Feature Bypass Vulnerability". Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his choice over the RPC protocol. Provided the victim has administrative privileges on the target, the attacker can execute code on the remote target. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1113 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 132EXPL: 0CVE-2020-1108 – dotnet: Denial of service via untrusted input
https://notcve.org/view.php?id=CVE-2020-1108
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. Se presenta una vulnerabilidad denegación de servicio cuando .NET Core o .NET Framework manejan inapropiadamente las peticiones web, también se conoce como ".NET Core & .NET Framework Denial of Service Vulnerability" An integer overflow condition was found in dotnet and dotnet3.1's BinaryReader Read7BitEncodedInt() method. This method is used by BinaryReader's ReadString() method, and given a certain input, and cause a denial of service to dotnet applications using BinaryReader. The exploitation of this flaw depends on the application but does not inherently require the attacker to be authenticated or have any specific privileges. An attacker could exploit this flaw remotely via the internet by sending crafted data to a dotnet application that is passed into Read7BitEncodedInt(), resulting in a denial of service when the output is used by ReadString(). • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108 https://access.redhat.com/security/cve/CVE-2020-1108 https://bugzilla.redhat.com/show_bug.cgi?id=1827643 • CWE-190: Integer Overflow or Wraparound •