Vulnerabilities
Vulnerable Software
Security Vulnerabilities - Known exploited
CVE-2021-41357
Known exploited
Win32k Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.146
Published
2021-10-13
CVE-2021-40449
Known exploited
Win32k Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.834
Published
2021-10-13
CVE-2021-40450
Known exploited
Win32k Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.151
Published
2021-10-13
CVE-2021-37973
Known exploited
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVSS Score
9.6
EPSS Score
0.192
Published
2021-10-08
CVE-2021-37975
Known exploited
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.552
Published
2021-10-08
CVE-2021-37976
Known exploited
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.114
Published
2021-10-08
CVE-2021-30632
Known exploited
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.842
Published
2021-10-08
CVE-2021-30633
Known exploited
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVSS Score
9.6
EPSS Score
0.468
Published
2021-10-08
CVE-2021-42013
Known exploited
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
CVSS Score
9.8
EPSS Score
0.944
Published
2021-10-07
CVE-2021-25487
Known exploited
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
CVSS Score
7.3
EPSS Score
0.009
Published
2021-10-06


Contact Us

Shodan ® - All rights reserved