Page 80 of 1100 results (0.021 seconds)

CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0

CVE-2021-28479 – Windows CSC Service Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2021-28479

Windows CSC Service Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Windows CSC Service • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28479 •

CVSS: 9.9EPSS: 11%CPEs: 18EXPL: 4

CVE-2021-28476 – Windows Hyper-V Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-28476

Windows Hyper-V Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Hyper-V • https://github.com/0vercl0k/CVE-2021-28476 https://github.com/bluefrostsecurity/CVE-2021-28476 https://github.com/LaCeeKa/CVE-2021-28476-tools-env https://github.com/australeo/CVE-2021-28476 http://packetstormsecurity.com/files/163497/Microsoft-Hyper-V-vmswitch.sys-Proof-Of-Concept.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476 •

CVSS: 8.8EPSS: 1%CPEs: 23EXPL: 0

CVE-2021-28455 – Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-28455

Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Jet Red Database Engine y Access Connectivity Engine • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28455 •

CVSS: 7.6EPSS: 93%CPEs: 19EXPL: 1

CVE-2021-26419 – Scripting Engine Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2021-26419

Scripting Engine Memory Corruption Vulnerability Una vulnerabilidad de Corrupción de la Memoria del Motor de Scripting There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied. • http://packetstormsecurity.com/files/162570/Internet-Explorer-jscript9.dll-Memory-Corruption.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419 • CWE-787: Out-of-bounds Write •

CVSS: 4.3EPSS: 0%CPEs: 385EXPL: 1

CVE-2020-24588 – kernel: wifi frame payload being parsed incorrectly as an L2 frame

https://notcve.org/view.php?id=CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que el flag A-MSDU en el campo de encabezado QoS de texto plano esté autenticada. Contra dispositivos que admiten la recepción de tramas A-MSDU que no son SSP (que es obligatorio como parte de 802.11n), un adversario puede abusar de esto para inyectar paquetes de red arbitrarios A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https: • CWE-20: Improper Input Validation CWE-327: Use of a Broken or Risky Cryptographic Algorithm •