Security Vulnerabilities - Known exploited
CVE-2022-21882
Win32k Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.0
EPSS Score
0.887
Published
2022-01-11
CVE-2022-22265
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
Known exploited
CVSS Score
5.0
EPSS Score
0.002
Published
2022-01-10
CVE-2021-35247
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.
Known exploited
CVSS Score
4.3
EPSS Score
0.053
Published
2022-01-10
CVE-2021-44168
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
Known exploited
CVSS Score
3.3
EPSS Score
0.011
Published
2022-01-04
CVE-2021-44207
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.
Known exploited
CVSS Score
8.1
EPSS Score
0.089
Published
2021-12-21
CVE-2021-22054
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Known exploited
CVSS Score
7.5
EPSS Score
0.938
Published
2021-12-17
CVE-2021-1048
In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel
Known exploited
CVSS Score
7.8
EPSS Score
0.009
Published
2021-12-15
CVE-2021-0920
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
Known exploited
CVSS Score
6.4
EPSS Score
0.009
Published
2021-12-15
CVE-2021-43890
We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader.
An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Please see the Security Updates table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the FAQ section.
Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability.
December 27 2023 Update:
In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme.
To address this increase in activity, we have updated the App Installer to disable the ms-appinstaller protocol by default and recommend other potential mitigations.
Known exploited
CVSS Score
7.1
EPSS Score
0.164
Published
2021-12-15
CVE-2021-43226
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.084
Published
2021-12-15