CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2020-17014 – Windows Print Spooler Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-17014
Windows Print Spooler Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios de Windows Print Spooler Este ID de CVE es diferente de CVE-2020-17001 This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Print Spooler service. By creating a directory junction, an attacker can abuse the Print Spooler service to delete a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17014 •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2020-16889 – Windows KernelStream Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-16889
<p>An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows KernelStream handles objects in memory. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16889 •
CVSS: 5.5EPSS: 0%CPEs: 70EXPL: 0CVE-2020-1476 – ASP.NET and .NET Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1476
An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests. Se presenta una vulnerabilidad de elevación de privilegios cuando las aplicaciones web ASP.NET o .NET que se ejecutan en IIS, permiten inapropiadamente el acceso a archivos almacenados en caché, también se conoce como "ASP.NET and .NET Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476 •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 5CVE-2020-1337 – Windows Print Spooler Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1337
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. Se presenta una vulnerabilidad de elevación de privilegios cuando el servicio de Windows Print Spooler permite inapropiadamente la escritura arbitraria en el sistema de archivos, también se conoce como "Windows Print Spooler Elevation of Privilege Vulnerability". This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. • https://github.com/math1as/CVE-2020-1337-exploit https://github.com/neofito/CVE-2020-1337 https://github.com/VoidSec/CVE-2020-1337 http://packetstormsecurity.com/files/160028/Microsoft-Windows-Local-Spooler-Bypass.html http://packetstormsecurity.com/files/160993/Microsoft-Spooler-Local-Privilege-Elevation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1337 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1337 https://github.com/sailay1996/cve-2 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 18%CPEs: 4EXPL: 4CVE-2019-0808 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-0808
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797. Se presenta una vulnerabilidad de elevación de privilegios en Windows cuando el componente Win32k no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Win32k Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2019-0797. Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. • https://www.exploit-db.com/exploits/46604 https://github.com/exodusintel/CVE-2019-0808 https://github.com/rakesh143/CVE-2019-0808 https://github.com/bb33bb/CVE-2019-0808-32-64-exp http://packetstormsecurity.com/files/157616/Microsoft-Windows-NtUserMNDragOver-Local-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0808 https://github.com/ze0r/cve-2019-0808-poc http://blogs.360.cn/post/RootCause_CVE-2019-0808_EN.html https://blog. •