Security Vulnerabilities - Known exploited
CVE-2021-25337
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
Known exploited
CVSS Score
4.4
EPSS Score
0.008
Published
2021-03-04
CVE-2021-22681
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
Known exploited
CVSS Score
9.8
EPSS Score
0.182
Published
2021-03-03
CVE-2021-26855
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
9.1
EPSS Score
0.944
Published
2021-03-03
CVE-2021-26857
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.41
Published
2021-03-03
CVE-2021-26858
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.745
Published
2021-03-03
CVE-2021-27065
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.943
Published
2021-03-03
CVE-2021-27876
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.
Known exploited
CVSS Score
8.1
EPSS Score
0.011
Published
2021-03-01
CVE-2021-27877
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
Known exploited
CVSS Score
8.2
EPSS Score
0.455
Published
2021-03-01
CVE-2021-27878
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.
Known exploited
CVSS Score
8.8
EPSS Score
0.016
Published
2021-03-01
CVE-2021-1732
Windows Win32k Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.891
Published
2021-02-25