Security Vulnerabilities - Known exploited
CVE-2021-38648
Open Management Infrastructure Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.318
Published
2021-09-15
CVE-2021-38649
Open Management Infrastructure Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.0
EPSS Score
0.05
Published
2021-09-15
CVE-2021-38645
Open Management Infrastructure Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.115
Published
2021-09-15
CVE-2021-36955
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.206
Published
2021-09-15
CVE-2021-38163
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.
Known exploited
CVSS Score
9.9
EPSS Score
0.848
Published
2021-09-14
CVE-2021-40870
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Known exploited
CVSS Score
9.8
EPSS Score
0.943
Published
2021-09-13
CVE-2021-30713
A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..
Known exploited
CVSS Score
7.8
EPSS Score
0.001
Published
2021-09-08
CVE-2021-30657
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..
Known exploited
CVSS Score
5.5
EPSS Score
0.831
Published
2021-09-08
CVE-2021-30661
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Known exploited
CVSS Score
8.8
EPSS Score
0.001
Published
2021-09-08
CVE-2021-30663
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
Known exploited
CVSS Score
8.8
EPSS Score
0.007
Published
2021-09-08