CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-31954 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31954
Windows Common Log File System Driver Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios en Windows Common Log File System Driver This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the clfs.sys driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31954 https://www.zerodayinitiative.com/advisories/ZDI-21-668 • CWE-122: Heap-based Buffer Overflow CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-31952 – Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31952
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios en Windows Kernel-Mode Driver • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31952 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-31951 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31951
Windows Kernel Elevation of Privilege Vulnerability Una vulnerabilidad en la Escalada de Privilegios en Windows Kernel • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31951 •
CVSS: 6.5EPSS: 0%CPEs: 36EXPL: 0CVE-2021-26414 – Windows DCOM Server Security Feature Bypass
https://notcve.org/view.php?id=CVE-2021-26414
Windows DCOM Server Security Feature Bypass Omisión de la Funcionalidad de Seguridad en Windows DCOM Server Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS. • http://packetstormsecurity.com/files/163206/Windows-Kerberos-AppContainer-Enterprise-Authentication-Capability-Bypass.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414 •
CVSS: 9.3EPSS: 96%CPEs: 16EXPL: 31CVE-2021-1675 – Microsoft Windows Print Spooler Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1675
Windows Print Spooler Remote Code Execution Vulnerability Una vulnerabilidad de Escalada de Privilegios de Windows Print Spooler Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. • https://github.com/afwu/PrintNightmare https://github.com/cube0x0/CVE-2021-1675 https://github.com/calebstewart/CVE-2021-1675 https://github.com/hlldz/CVE-2021-1675-LPE https://github.com/LaresLLC/CVE-2021-1675 https://github.com/evilashz/CVE-2021-1675-LPE-EXP https://github.com/corelight/CVE-2021-1675 https://github.com/Leonidus0x10/CVE-2021-1675-SCANNER https://github.com/exploitblizzard/PrintNightmare-CVE-2021-1675 https://github.com/puckiestyle/CVE-2021-1675 https:// •