CVE-2021-31959 – Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-31959
Scripting Engine Memory Corruption Vulnerability Una vulnerabilidad de corrupción de la memoria en Motor de Scripting • http://packetstormsecurity.com/files/163056/Internet-Explorer-jscript9.dll-Memory-Corruption.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31959 •
CVE-2021-31958 – Windows NTLM Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31958
Windows NTLM Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios en Windows NTLM • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958 • CWE-294: Authentication Bypass by Capture-replay •
CVE-2021-31955 – Microsoft Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-31955
Windows Kernel Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información en Windows Kernel Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process. • https://github.com/freeide/CVE-2021-31955-POC https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2021-31956 – Microsoft Windows NTFS Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-31956
Windows NTFS Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios en Windows NTFS Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application. • https://github.com/aazhuliang/CVE-2021-31956-EXP https://github.com/Y3A/CVE-2021-31956 https://github.com/hoangprod/CVE-2021-31956-POC https://github.com/hzshang/CVE-2021-31956 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2021-31954 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31954
Windows Common Log File System Driver Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios en Windows Common Log File System Driver This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the clfs.sys driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31954 https://www.zerodayinitiative.com/advisories/ZDI-21-668 • CWE-122: Heap-based Buffer Overflow CWE-269: Improper Privilege Management •