CVE-2021-32537 – Realtek High definition audio Windows driver crashed
https://notcve.org/view.php?id=CVE-2021-32537
Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed. • https://github.com/0vercl0k/CVE-2021-32537 http://packetstormsecurity.com/files/163498/Realtek-RTKVHD64.sys-Out-Of-Bounds-Access.html https://www.twcert.org.tw/tw/cp-132-4813-7b578-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-28447 – Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-28447
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Una vulnerabilidad de Omisión de la Característica de Seguridad de Early Launch Antimalware Driver de Windows. • https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28447 •
CVE-2021-27094 – Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-27094
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Una vulnerabilidad de Omisión de la Característica de Seguridad en Windows Early Launch Antimalware Driver. • https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27094 •
CVE-2021-28927
https://notcve.org/view.php?id=CVE-2021-28927
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names. El motor de text-to-speech en libretro RetroArch para Windows versión 1.9.0 pasa la entrada no saneada a PowerShell mediante el archivo platform_win32.c por medio de la función accessibility_speak_windows, que permite a atacantes que presentan acceso de escritura en los sistemas de archivos que usa RetroArch para ejecutar código por medio de la inyección de comandos usando especialmente un nombres de archivos y directorios diseñados • http://libretro.com http://retroarch.com https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-24098
Windows Console Driver Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio del Console Driver de Windows • https://github.com/waleedassar/CVE-2021-24098 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24098 •