CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-1689 – Windows Multipoint Management Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1689
Windows Multipoint Management Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows Multipoint Management • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1689 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1689 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-1685 – Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1685
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows AppX Deployment Extensions. Este ID de CVE es diferente de CVE-2021-1642 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX Deployment Service. By creating a directory junction, an attacker can abuse the service to create files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1685 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1685 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2021-1684 – Windows Bluetooth Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1684
Windows Bluetooth Security Feature Bypass Vulnerability Una Vulnerabilidad de Omisión de la Funcionalidad de Windows Bluetooth Security. Este ID de CVE es diferente de CVE-2021-1638, CVE-2021-1683 Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1684 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1684 •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2021-1683 – Windows Bluetooth Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1683
Windows Bluetooth Security Feature Bypass Vulnerability Una Vulnerabilidad de Omisión de la Característica de Seguridad de Windows Bluetooth. Este ID de CVE es diferente de CVE-2021-1638, CVE-2021-1684 Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1683 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1683 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-1682 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1682
Windows Kernel Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios del Kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of Event Tracing for Windows. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated data structure. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1682 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1682 • CWE-269: Improper Privilege Management •