CVSS: 7.8EPSS: 13%CPEs: 24EXPL: 0CVE-2021-1647 – Microsoft Defender Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1647
Microsoft Defender Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Defender Microsoft Defender contains an unspecified vulnerability that allows for remote code execution. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-1646 – Windows WLAN Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1646
Windows WLAN Service Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios del servicio WLAN de Windows • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1646 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1646 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2021-1645 – Windows Docker Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1645
Windows Docker Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Windows Docker Microsoft Windows Containers suffers from a DP API design flaw where encryption keys are shared and reused between images. • http://packetstormsecurity.com/files/161816/Microsoft-Windows-Containers-DP-API-Cryptography-Flaw.html http://seclists.org/fulldisclosure/2021/Mar/33 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1645 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1645 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-1642 – Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1642
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows AppX Deployment Extensions. Este ID de CVE es diferente de CVE-2021-1685 This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX Deployment Service. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1642 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1642 • CWE-269: Improper Privilege Management •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-1638 – Windows Bluetooth Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1638
Windows Bluetooth Security Feature Bypass Vulnerability Una Vulnerabilidad de Omisión de la Funcionalidad Windows Bluetooth Security. Este ID de CVE es diferente de CVE-2021-1683, CVE-2021-1684 Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1638 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1638 •