CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-1642 – Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1642
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows AppX Deployment Extensions. Este ID de CVE es diferente de CVE-2021-1685 This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX Deployment Service. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1642 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1642 • CWE-269: Improper Privilege Management •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-1638 – Windows Bluetooth Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1638
Windows Bluetooth Security Feature Bypass Vulnerability Una Vulnerabilidad de Omisión de la Funcionalidad Windows Bluetooth Security. Este ID de CVE es diferente de CVE-2021-1683, CVE-2021-1684 Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1638 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1638 •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-1637 – Windows DNS Query Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1637
Windows DNS Query Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de consultas DNS de Windows • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1637 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1637 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2021-1648 – Microsoft splwow64 Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1648
Microsoft splwow64 Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Microsoft splwow64 This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode printer driver host process splwow64.exe. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges from low integrity and execute code in the context of the current user at medium integrity. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1648 https://www.zerodayinitiative.com/advisories/ZDI-21-504 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1648 • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 33EXPL: 0CVE-2020-17140 – Windows SMB Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-17140
Windows SMB Information Disclosure Vulnerability Vulnerabilidad de divulgación de información en Windows SMB • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17140 •