CVE-2023-21808 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21808
.NET and Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 • CWE-416: Use After Free •
CVE-2023-21722 – .NET Framework Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-21722
.NET Framework Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21722 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-0787 – Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2020-0787
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. Existe una vulnerabilidad de elevación de privilegios cuando el Windows Background Intelligent Transfer Service (BITS) maneja inapropiadamente los enlaces simbólicos, también se conoce como "Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability". Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges. • https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION https://github.com/yanghaoi/CVE-2020-0787 http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787 https://itm4n.github.io/cve-2020-0787-windows-bits-eop https://github.com/itm4n/BitsArbitraryFileMove https://attackerkb.com/assessments/e61cfec0-d766-4e7e-89f7-5aad2460afb8 https://googleprojectzero.blogspot.com/2018 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-0841 – Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-0841
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. Existe una elevación de la vulnerabilidad de privilegios cuando el Servicio de implementación de Windows AppX (AppXSVC) maneja incorrectamente los enlaces físicos, también conocida como "Vulnerabilidad de Elevación Privilegios de Windows". El ID de este CVE es diferente de CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805 y CVE-2019-0836. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. • https://www.exploit-db.com/exploits/46976 https://www.exploit-db.com/exploits/46938 https://www.exploit-db.com/exploits/46683 https://www.exploit-db.com/exploits/47128 https://github.com/rogue-kdc/CVE-2019-0841 https://github.com/0x00-0x00/CVE-2019-0841-BYPASS https://github.com/likescam/CVE-2019-0841 https://github.com/mappl3/CVE-2019-0841 http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html http://packetstormsecurity.com • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-0810 – Microsoft Chakra Object Reoptimization Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0810
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. Existe una vulnerabilidad de ejecución remota de código en la forma en que el motor de scripting Chakra maneja los objetos en memoria en Microsoft Edge, también conocido como 'Vulnerabilidad de Corrupción de Memoria en el Motor de Scripting Chakra'. El ID de este CVE es diferente de CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860 y CVE-2019-0861. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0810 https://www.zerodayinitiative.com/advisories/ZDI-19-361 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •