Security Vulnerabilities - Known exploited
CVE-2021-31956
Windows NTFS Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.883
Published
2021-06-08
CVE-2021-30533
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
Known exploited
CVSS Score
6.5
EPSS Score
0.064
Published
2021-06-07
CVE-2021-27852
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.
Known exploited
CVSS Score
9.8
EPSS Score
0.211
Published
2021-05-27
CVE-2021-22894
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.
Known exploited
CVSS Score
8.8
EPSS Score
0.497
Published
2021-05-27
CVE-2021-22899
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
Known exploited
CVSS Score
8.8
EPSS Score
0.45
Published
2021-05-27
CVE-2021-22900
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Known exploited
CVSS Score
7.2
EPSS Score
0.017
Published
2021-05-27
CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2021-05-26
CVE-2021-27562
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
Known exploited
CVSS Score
5.5
EPSS Score
0.722
Published
2021-05-25
CVE-2021-29256
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
Known exploited
CVSS Score
8.8
EPSS Score
0.01
Published
2021-05-24
CVE-2021-28799
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .
Known exploited
CVSS Score
10.0
EPSS Score
0.888
Published
2021-05-13