Somaro

#11686of 53,624
23.5Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2021-2423
7.8
2021-03-09
Microsoft · Windows · CVE-2021-26887
Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified) Description: The issue is related to the implementation of the Folder Redirection technology in Microsoft Windows, which is associated with insecure privilege management. An attacker who successfully exploits this issue could gain elevated privileges, allowing them to redirect another user's personal data to a created folder. This can be achieved by creating a new folder under the Folder Redirection root path and creating a junction on a newly created User folder. When a new user logs in, Folder Redirection would start redirecting to the folder and copying personal data. Recommendations: To address this issue, reconfigure Folder Redirection with Offline files and restrict permissions. This can be done by following the configuration guidance provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-3083
6.7
2020-07-14
Microsoft · Windows · CVE-2020-1333
**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the Group Policy Services of the Windows operating system. It is caused by improper handling of reparse points during policy processing, which can lead to a buffer overflow in memory. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-2920
9.0
2020-06-09
Microsoft · Windows · CVE-2020-1317
**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a lack of proper access control in the Windows group policy, allowing a remote attacker to potentially elevate their privileges and execute arbitrary code using a specially crafted application. This can affect the system, enabling attackers to impact it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.