CVSS: 9.8EPSS: 12%CPEs: 17EXPL: 0CVE-2019-1212 – Windows DHCP Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1212
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets. Existe una vulnerabilidad de corrupción de memoria en el servicio DHCP de Windows Server, cuando se procesan paquetes especialmente diseñados, también se conoce como "Windows DHCP Server Denial of Service Vulnerability". El ID de este CVE es diferente de CVE-2019-1206. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1212 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-1177 – Windows Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2019-1177
An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the rpcss.dll properly handles objects in memory. Existe una vulnerabilidad de elevación de privilegios en la manera en que la biblioteca rpcss.dll maneja los objetos en la memoria, también se conoce como "Windows Elevation of Privilege Vulnerability". El ID de este CVE es diferente de CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE- 2019-1186. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1177 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 9%CPEs: 17EXPL: 0CVE-2019-1182 – Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1182
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. Existe una vulnerabilidad de ejecución remota de código en los Servicios de escritorio remoto, anteriormente conocidos como Servicios de terminal, cuando un atacante no autenticado se conecta al sistema de destino mediante RDP y envía solicitudes especialmente diseñadas, también conocidas como 'Vulnerabilidad de ejecución remota de código de los Servicios de escritorio remoto'. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190819-01-windows-en https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdf https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182 •
CVSS: 7.6EPSS: 2%CPEs: 20EXPL: 0CVE-2019-1194 – Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2019-1194
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1194 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 9%CPEs: 17EXPL: 0CVE-2019-1181 – Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1181
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. Existe una vulnerabilidad de ejecución remota de código en los Servicios de escritorio remoto, anteriormente conocidos como Servicios de terminal, cuando un atacante no autenticado se conecta al sistema de destino mediante RDP y envía solicitudes especialmente diseñadas, también conocidas como 'Vulnerabilidad de ejecución remota de código de los Servicios de escritorio remoto'. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190819-01-windows-en https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdf https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181 •