CVSS: 7.8EPSS: 1%CPEs: 19EXPL: 0CVE-2021-31188 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31188
11 May 2021 — Windows Graphics Component Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios de Windows Graphics Component. Este ID de CVE es diferente de CVE-2021-31170 This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Font Entry objects.... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31188 • CWE-416: Use After Free •
CVSS: 7.4EPSS: 12%CPEs: 19EXPL: 0CVE-2021-31186 – Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-31186
11 May 2021 — Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Windows Remote Desktop Protocol (RDP) • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31186 •
CVSS: 5.5EPSS: 3%CPEs: 19EXPL: 1CVE-2021-31184 – Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-31184
11 May 2021 — Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Microsoft Windows Infrared Data Association (IrDA) • https://github.com/waleedassar/CVE-2021-31184 •
CVSS: 9.9EPSS: 63%CPEs: 18EXPL: 6CVE-2021-28476 – Windows Hyper-V Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-28476
11 May 2021 — Windows Hyper-V Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Hyper-V • https://packetstorm.news/files/id/163497 •
CVSS: 8.8EPSS: 6%CPEs: 23EXPL: 0CVE-2021-28455 – Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-28455
11 May 2021 — Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Jet Red Database Engine y Access Connectivity Engine • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28455 •
CVSS: 7.6EPSS: 34%CPEs: 19EXPL: 2CVE-2021-26419 – Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-26419
11 May 2021 — Scripting Engine Memory Corruption Vulnerability Una vulnerabilidad de Corrupción de la Memoria del Motor de Scripting There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied. • https://packetstorm.news/files/id/162570 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 385EXPL: 1CVE-2020-24588 – kernel: wifi frame payload being parsed incorrectly as an L2 frame
https://notcve.org/view.php?id=CVE-2020-24588
11 May 2021 — The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que el flag A-MSDU ... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-20: Improper Input Validation CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.1EPSS: 1%CPEs: 19EXPL: 0CVE-2021-28446 – Windows Portmapping Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-28446
13 Apr 2021 — Windows Portmapping Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Windows Portmapping • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28446 •
CVSS: 8.8EPSS: 17%CPEs: 17EXPL: 0CVE-2021-28445 – Windows Network File System Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-28445
13 Apr 2021 — Windows Network File System Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota del Network File System de Windows • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28445 •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2021-28443 – Windows Console Driver Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-28443
13 Apr 2021 — Windows Console Driver Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio del controlador de la consola de Windows. Este ID de CVE es diferente de CVE-2021-28438 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28443 •