CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2022-21895 – Windows User Profile Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-21895
Windows User Profile Service Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows User Profile Service. Este ID de CVE es diferente de CVE-2022-21919 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a directory junction, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21895 https://www.zerodayinitiative.com/advisories/ZDI-22-050 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21895 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.5EPSS: 2%CPEs: 32EXPL: 0CVE-2022-21893 – Remote Desktop Protocol Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-21893
Remote Desktop Protocol Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Remote Desktop Protocol • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21893 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21893 •
CVSS: 7.2EPSS: 4%CPEs: 29EXPL: 0CVE-2022-21892 – Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-21892
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Windows Resilient File System (ReFS). Este ID de CVE es diferente de CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21892 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21892 •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2022-21889 – Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-21889
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en Windows IKE Extension. Este ID de CVE es diferente de CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21890 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21889 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21889 •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2022-21890 – Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-21890
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en Windows IKE Extension. Este ID de CVE es diferente de CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21889 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21890 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21890 •