CVSS: 7.8EPSS: 86%CPEs: 6EXPL: 9CVE-2019-0841 – Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-0841
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. Existe una elevación de la vulnerabilidad de privilegios cuando el Servicio de implementación de Windows AppX (AppXSVC) maneja incorrectamente los enlaces físicos, también conocida como "Vulnerabilidad de Elevación Privilegios de Windows". El ID de este CVE es diferente de CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805 y CVE-2019-0836. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. • https://www.exploit-db.com/exploits/46976 https://www.exploit-db.com/exploits/46938 https://www.exploit-db.com/exploits/46683 https://www.exploit-db.com/exploits/47128 https://github.com/rogue-kdc/CVE-2019-0841 https://github.com/0x00-0x00/CVE-2019-0841-BYPASS https://github.com/likescam/CVE-2019-0841 https://github.com/mappl3/CVE-2019-0841 http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html http://packetstormsecurity.com • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 0CVE-2019-0810 – Microsoft Chakra Object Reoptimization Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0810
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. Existe una vulnerabilidad de ejecución remota de código en la forma en que el motor de scripting Chakra maneja los objetos en memoria en Microsoft Edge, también conocido como 'Vulnerabilidad de Corrupción de Memoria en el Motor de Scripting Chakra'. El ID de este CVE es diferente de CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860 y CVE-2019-0861. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0810 https://www.zerodayinitiative.com/advisories/ZDI-19-361 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 94%CPEs: 17EXPL: 5CVE-2018-8453 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-8453
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de elevación de privilegios en Windows cuando el componente Win32k no gestiona adecuadamente los objetos en la memoria. Esto también se conoce como "Win32k Elevation of Privilege Vulnerability". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers. • https://www.exploit-db.com/exploits/47134 https://github.com/thepwnrip/leHACK-Analysis-of-CVE-2018-8453 http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html http://www.securityfocus.com/bid/105467 http://www.securitytracker.com/id/1041828 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453 https://securelist.com/cve-2018-8453-used-in-targeted-attack https://github.com/ze0r/cve-2018-8453-exp https://mp.weixin& •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2018-8493
https://notcve.org/view.php?id=CVE-2018-8493
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de divulgación de información cuando la pila TCP/IP de Windows gestiona incorrectamente los paquetes IP fragmentados. Esto también se conoce como "Windows TCP/IP Information Disclosure Vulnerability". Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10 y Windows 10 Servers. • http://www.securityfocus.com/bid/105456 http://www.securitytracker.com/id/1041843 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493 •
CVSS: 9.3EPSS: 97%CPEs: 42EXPL: 13CVE-2017-8759 – Microsoft .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8759
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite que un atacante ejecute código remotamente mediante un documento o aplicación maliciosos. Esto también se conoce como ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. • https://www.exploit-db.com/exploits/42711 https://github.com/bhdresh/CVE-2017-8759 https://github.com/Voulnet/CVE-2017-8759-Exploit-sample https://github.com/vysecurity/CVE-2017-8759 https://github.com/nccgroup/CVE-2017-8759 https://github.com/sythass/CVE-2017-8759 https://github.com/JonasUliana/CVE-2017-8759 https://github.com/ashr/CVE-2017-8759-exploits https://github.com/BasuCert/CVE-2017-8759 https://github.com/ChaitanyaHaritash/CVE-2017-8759 https://github.com& •