CVE-2020-1009

An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1011, CVE-2020-1015...

CVE-2020-0944

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0942, CVE-2020-1029...

CVE-2020-0942

CVE-2020-0942 is an Elevation of Privilege vulnerability in the Windows Connected User Experiences and Telemetry Service caused by improper handling of file operations. According to CNVD/NVD entries, exploitation would allow a locally authenticated attacker to execute code with elevated privilege...

CVE-2020-0942

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0944, CVE-2020-1029...

CVE-2020-1094

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. Recent assessments: bac2binary at April 15, 2020 4:47pm UTC reported: The attack complexity is very less,...

Description of the security update for the elevation of privilege vulnerability in Microsoft Visual Studio 2015 Update 3: April 14, 2020

Description of the security update for the elevation of privilege vulnerability in Microsoft Visual Studio 2015 Update 3: April 14, 2020 Applies to: All Visual Studio 2015 Update 3 editions except Build Tools Notice In November 2020, the content of this article was updated to clarify the affected...

Visual Studio Extension Installer Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations. An attacker who successfully exploited the vulnerability could delete files in arbitrary locations with elevated permissions. To exploit the vulnerability, an...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially...

Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could overwrite files in arbitrary locations with elevated permissions. To exploit the vulnerability, ...

Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a...

Windows Work Folder Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted...

Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a...

KB4549949: Windows 10 Version 1809 and Windows Server 2019 April 2020 Security Update

The remote Windows host is missing security update 4549949. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability...

Security Updates for Microsoft Visual Studio Products (April 2020)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited thi...

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as a deficiency was found in the Linux kernel tmpfs implementation. This could allow a local unprivileged user to make a certain sequence of file operations, possibly causing a denial of service...

Items in the navigation pane of File Explorer may disappear in Windows

Items in the navigation pane of File Explorer may disappear in Windows This article describes an issue that occurs when many file operations occur in quick succession in Windows RT 8.1, Windows 8.1, or Windows Server 2012 R2. You can resolve this issue by using the update in this article. Before...

(0Day) Advantech WebAccess webvrpc IOCTL 0x2715 Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results...

DedeCMS v7.5 SP2 - Multiple Persistent Web Vulnerabilities

Document Title: =============== DedeCMS v7.5 SP2 - Multiple Persistent Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2195 Release Date: ============= 2020-04-08 Vulnerability Laboratory ID VL-ID: ===================================...

(0Day) Advantech WebAccess IOCTL 0x2711 BwPFile Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x2711, which can be used to invoke BwPFile.exe. The issue...