CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2020-1385
https://notcve.org/view.php?id=CVE-2020-1385
An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios en la manera en que el Windows Credential Picker maneja objetos en memoria, también se conoce como "Windows Credential Picker Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1385 •
CVSS: 7.8EPSS: 84%CPEs: 6EXPL: 0CVE-2020-1382 – Microsoft Windows DirectComposition RemoveBindingManagerReferenceFromTrackerIfNecessary Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-1382
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1381. Se presenta una vulnerabilidad de elevación de privilegios cuando el Windows Graphics Component maneja inapropiadamente objetos en memoria, también se conoce como "Windows Graphics Component Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-1381 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the DirectComposition RemoveBindingManagerReferenceFromTrackerIfNecessary function in the kernel. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382 https://www.zerodayinitiative.com/advisories/ZDI-20-873 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-1384
https://notcve.org/view.php?id=CVE-2020-1384
An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1359. Se presenta una vulnerabilidad de elevación de privilegios cuando el servicio Windows Cryptography Next Generation (CNG) Key Isolation maneja inapropiadamente la memoria, también se conoce como "Windows CNG Key Isolation Service Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-1359 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1384 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-1375
https://notcve.org/view.php?id=CVE-2020-1375
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios cuando Windows maneja inapropiadamente la creación de objetos COM, también se conoce como "Windows COM Server Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1375 •
CVSS: 7.8EPSS: 84%CPEs: 6EXPL: 0CVE-2020-1381 – Microsoft Windows DirectComposition SetBufferProperty Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-1381
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1382. Se presenta una vulnerabilidad de elevación de privilegios cuando el Windows Graphics Component maneja inapropiadamente objetos en memoria, también se conoce como "Windows Graphics Component Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-1382 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the DirectComposition SetBufferProperty function in the kernel. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381 https://www.zerodayinitiative.com/advisories/ZDI-20-872 • CWE-416: Use After Free •