Monthly Archive: September 2021

Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability Date published : 2021-09-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38629

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38638. Date published : 2021-09-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38628

Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38625. Date published : 2021-09-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38626

Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38626. Date published : 2021-09-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38625

Windows Key Storage Provider Security Feature Bypass Vulnerability Date published : 2021-09-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38624

In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. Date published : 2021-09-15 https://raxis.com/blog/cve-2021-38156 https://www.nagios.com/downloads/nagios-xi/change-log/

prism is vulnerable to Inefficient Regular Expression Complexity Date published : 2021-09-15 https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9

hestiacp is vulnerable to Use of Wrong Operator in String Comparison Date published : 2021-09-15 https://huntr.dev/bounties/c24fb15c-3c84-45c8-af04-a660f8da388f https://github.com/hestiacp/hestiacp/commit/fc68baff4f94b59e38316f886d0ce47d337042f7

vim is vulnerable to Use After Free Date published : 2021-09-15 https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/

semver-regex is vulnerable to Inefficient Regular Expression Complexity Date published : 2021-09-15 https://huntr.dev/bounties/006624e3-35ac-448f-aab9-7b5183f30e28 https://github.com/sindresorhus/semver-regex/commit/11c66245f4e1976dccc52977ed183696a21a3fd7

vuelidate is vulnerable to Inefficient Regular Expression Complexity Date published : 2021-09-15 https://huntr.dev/bounties/d8201b98-fb91-4c12-a6f7-181b4a20d9b7 https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute...

The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute...

WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code. Date published : 2021-09-15 https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html