CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2021-43248 – Windows Digital Media Receiver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43248
Windows Digital Media Receiver Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Digital Media Receiver • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43248 •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-43247 – Windows TCP/IP Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43247
Windows TCP/IP Driver Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios de Windows TCP/IP Driver This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the tcpip.sys driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43247 https://www.zerodayinitiative.com/advisories/ZDI-21-1554 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-43244 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-43244
Windows Kernel Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Windows Kernel • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43244 •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2021-43238 – Windows Remote Access Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43238
Windows Remote Access Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Remote Access This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Remote Access Connection Manager service. By creating a directory junction, an attacker can abuse the service to create a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43238 https://www.zerodayinitiative.com/advisories/ZDI-22-019 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 29EXPL: 0CVE-2021-43235 – Storage Spaces Controller Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-43235
Storage Spaces Controller Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Storage Spaces Controller. Este ID de CVE es diferente de CVE-2021-43227 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43235 •