CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 2CVE-2019-1170 – Windows NTFS Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2019-1170
14 Aug 2019 — An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by preventing sandboxed processes from creating reparse points targeting inaccessible files. existe una vulnerabilidad de elevación de privilegios cuando los punt... • http://packetstormsecurity.com/files/154192/Microsoft-Windows-SET_REPARSE_POINT_EX-Mount-Point-Security-Feature-Bypass.html • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 15%CPEs: 26EXPL: 3CVE-2019-1125 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1125
07 Aug 2019 — Se presenta una vulnerabilidad de divulgación de información cuando ciertas unidades de procesamiento central (CPU) acceden especulativamente a la memoria, también conocida como "Windows Kernel Information Disclosure Vulnerability". ... It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. • https://packetstorm.news/files/id/156337 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2019-5685
https://notcve.org/view.php?id=CVE-2019-5685
06 Aug 2019 — NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution. Windows GPU Display Driver de NVIDIA (todas las versiones) contiene una vulnerabilidad en los controladores DirectX, en la que un shader especialmente diseñado puede causar un acceso fuera de límites a una matriz temporal local de... • https://nvidia.custhelp.com/app/answers/detail/a_id/4841 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2019-5684
https://notcve.org/view.php?id=CVE-2019-5684
06 Aug 2019 — NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution. Windows GPU Display Driver de NVIDIA (todas las versiones) contiene una vulnerabilidad en los controladores DirectX, en la que un shader especialmente diseñado puede causar un acceso fuera de límites de una matriz de textura de entrada, l... • http://www.vmware.com/security/advisories/VMSA-2019-0012.html • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 3CVE-2019-13603
https://notcve.org/view.php?id=CVE-2019-13603
16 Jul 2019 — An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. ... Se detectó un problema en el controlador versión 5.0.0.5 del Framework Biometric de Windows del U.are.U 4500 Fingerprint Reader de HID Global DigitalPersona (anteriormente Crossmatch). • https://github.com/sungjungk/fp-scanner-hacking • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.8EPSS: 4%CPEs: 6EXPL: 1CVE-2019-0959 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2019-0959
12 Jun 2019 — An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. ... Existe una vulnerabilidad de elevación de privilegios cuando el controlador de Common Log File System (CLFS) de Windows maneja inapropiadamente los objetos en la memoria, también se conoce como 'Windows Common Log File System Driver Eleva... • https://www.exploit-db.com/exploits/47028 •
CVSS: 10.0EPSS: 94%CPEs: 139EXPL: 127CVE-2019-0708 – Microsoft Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0708
16 May 2019 — The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. • https://github.com/cbwang505/CVE-2019-0708-EXP-Windows • CWE-416: Use After Free •
CVSS: 7.8EPSS: 37%CPEs: 18EXPL: 2CVE-2019-0836 – Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-0836
09 Apr 2019 — An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. ... Existe una vulnerabilidad de elevación de privilegios cuando Windows maneja incorrectamente las llamadas al controlador LUAFV (luafv.sys), también conocido como ' vulnerabilidad de elevación de privilegios de Windows'. ... On Microsoft Windows, the LUAFV driver has a race condition in the... • http://packetstormsecurity.com/files/152538/Microsoft-Windows-LUAFV-PostLuafvPostReadWrite-SECTION_OBJECT_POINTERS-Race-Condition.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 3%CPEs: 18EXPL: 2CVE-2019-0796 – Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-0796
09 Apr 2019 — An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. ... Existe una vulnerabilidad de elevación de privilegios en Windows, debido a que maneja incorrectamente las llamadas al controlador LUAFV (luafv.sys), también conocido como 'vulnerabilidad de elevación de privilegio de Windows'. ... On Microsoft Windows, the LUAFV driver bypasses security c... • http://packetstormsecurity.com/files/152535/Microsoft-Windows-LUAFV-LuafvCopyShortName-Arbitrary-Short-Name-Privilege-Escalation.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 2CVE-2019-0805 – Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-0805
09 Apr 2019 — An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. ... Existe una vulnerabilidad de elevación de privilegios en Windows, debido a que maneja incorrectamente las llamadas al controlador LUAFV (luafv.sys), también conocido como 'vulnerabilidad de elevación de privilegio de Windows'. ... On Microsoft Windows, the LUAFV driver can confuse the cac... • http://packetstormsecurity.com/files/152537/Microsoft-Windows-LUAFV-Delayed-Virtualization-Cache-Manager-Poisoning-Privilege-Escalation.html • CWE-345: Insufficient Verification of Data Authenticity •