Security Vulnerabilities - Known exploited
CVE-2021-44529
Known exploited
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
CVSS Score: 9.8
EPSS Score: 0.945
Published: 2021-12-08
CVE-2021-27860
Known exploited
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
CVSS Score: 9.8
EPSS Score: 0.421
Published: 2021-12-08
CVE-2021-20038
Known exploited
A stack-based buffer overflow vulnerability in the SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
CVSS Score: 9.8
EPSS Score: 0.943
Published: 2021-12-08
CVE-2021-44077
Known exploited
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
CVSS Score: 9.8
EPSS Score: 0.942
Published: 2021-11-29
CVE-2021-38000
Known exploited
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page.
CVSS Score: 6.1
EPSS Score: 0.031
Published: 2021-11-23
CVE-2021-38003
Known exploited
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score: 8.8
EPSS Score: 0.801
Published: 2021-11-23
CVE-2021-44026
Known exploited
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
CVSS Score: 9.8
EPSS Score: 0.686
Published: 2021-11-19
CVE-2021-41277
Known exploited
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
CVSS Score: 10.0
EPSS Score: 0.944
Published: 2021-11-17
CVE-2021-42321
Known exploited
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score: 8.8
EPSS Score: 0.935
Published: 2021-11-10
CVE-2021-42292
Known exploited
Microsoft Excel Security Feature Bypass Vulnerability
CVSS Score: 7.8
EPSS Score: 0.179
Published: 2021-11-10