Security Vulnerabilities - Known exploited
CVE-2021-36742
Known exploited
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Score
7.8
EPSS Score
0.014
Published
2021-07-29
CVE-2021-35464
Known exploited
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. Exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier.
CVSS Score
9.8
EPSS Score
0.944
Published
2021-07-22
CVE-2021-36934
Known exploited
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute code on a victim system to exploit this vulnerability. After installing this security update, you must manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerability. Simply installing this security update will not fully mitigate this vulnerability. See KB5005357 - Delete Volume Shadow Copies (https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7).
CVSS Score
7.8
EPSS Score
0.91
Published
2021-07-22
CVE-2021-34448
Known exploited
Scripting Engine Memory Corruption Vulnerability
CVSS Score
6.8
EPSS Score
0.02
Published
2021-07-16
CVE-2021-35211
Known exploited
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
CVSS Score
9.0
EPSS Score
0.943
Published
2021-07-14
CVE-2021-34523
Known exploited
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS Score
9.0
EPSS Score
0.941
Published
2021-07-14
CVE-2021-34473
Known exploited
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score
9.1
EPSS Score
0.942
Published
2021-07-14
CVE-2021-33766
Known exploited
Microsoft Exchange Server Information Disclosure Vulnerability
CVSS Score
7.3
EPSS Score
0.936
Published
2021-07-14
CVE-2021-33771
Known exploited
Windows Kernel Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.066
Published
2021-07-14
CVE-2021-31196
Known exploited
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score
7.2
EPSS Score
0.033
Published
2021-07-14


Shodan ® - All rights reserved