CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2021-31971 – Windows HTML Platforms Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-31971
Windows HTML Platforms Security Feature Bypass Vulnerability Una vulnerabilidad de Omisión de la Característica de Seguridad en Windows HTML Platform Security • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31971 •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2021-31970 – Windows TCP/IP Driver Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-31970
Windows TCP/IP Driver Security Feature Bypass Vulnerability Una vulnerabilidad de Omisión de la Característica de Seguridad en Windows TCP/IP Driver The Windows Filtering Platform does not verify the token impersonation level when checking filters allowing the bypass of firewall rules leading to elevation of privilege. • http://packetstormsecurity.com/files/163256/Microsoft-Windows-Filtering-Platform-Token-Access-Check-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31970 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-31969 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31969
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios en Windows Cloud Files Mini Filter Driver This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cldflt.sys driver. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31969 https://www.zerodayinitiative.com/advisories/ZDI-21-797 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-31968 – Windows Remote Desktop Services Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-31968
Windows Remote Desktop Services Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en Windows Remote Desktop Services • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31968 •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-31962 – Kerberos AppContainer Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-31962
Kerberos AppContainer Security Feature Bypass Vulnerability Una vulnerabilidad de Omisión de la Característica de Seguridad en Kerberos AppContainer Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS. • http://packetstormsecurity.com/files/163206/Windows-Kerberos-AppContainer-Enterprise-Authentication-Capability-Bypass.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31962 •