CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1CVE-2019-0552 – Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-0552
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. Existe un escalado de privilegios en Windows COM Desktop Broker, también conocido como "Windows COM Elevation of Privilege Vulnerability." Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10 y Windows 10 Servers. Microsoft Windows suffers from a COM Desktop Broker privilege escalation vulnerability. • https://www.exploit-db.com/exploits/46162 http://www.securityfocus.com/bid/106407 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0552 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 1CVE-2019-0543 – Microsoft Windows Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-0543
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Existe un escalado de privilegios cuando Windows gestiona indebidamente las peticiones de autenticación. Esto también se conoce como "Microsoft Windows Elevation of Privilege Vulnerability". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers. • https://www.exploit-db.com/exploits/46156 http://www.securityfocus.com/bid/106408 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2019-0555 – Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-0555
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de elevación de privilegios en la clase Microsoft XmlDocument que podría permitir a un atacante escapar del sandbox AppContainer en el navegador. Esto también se conoce como "Microsoft XmlDocument Elevation of Privilege Vulnerability". Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. • https://www.exploit-db.com/exploits/46185 http://www.securityfocus.com/bid/106395 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0555 • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 97%CPEs: 25EXPL: 1CVE-2019-0541 – Microsoft MSHTML Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0541
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. Existe una vulnerabilidad de ejecución remota de código debido a la forma en la que el motor MSHTML valida indebidamente las entradas. Esto también se conoce como "MSHTML Engine Remote Code Execution Vulnerability". Esto afecta a Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10 y Office 365 ProPlus. • https://www.exploit-db.com/exploits/46536 http://www.securityfocus.com/bid/106402 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2019-0570 – Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
https://notcve.org/view.php?id=CVE-2019-0570
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de elevación de privilegios cuando Windows Runtime no gestiona correctamente los objetos en la memoria. Esto también se conoce como "Windows Runtime Elevation of Privilege Vulnerability". Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. • https://www.exploit-db.com/exploits/46184 http://www.securityfocus.com/bid/106415 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0570 • CWE-416: Use After Free •