Security Vulnerabilities - Known exploited
CVE-2021-21311
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
Known exploited
CVSS Score
7.2
EPSS Score
0.942
Published
2021-02-11
CVE-2021-21017
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Known exploited
CVSS Score
8.8
EPSS Score
0.902
Published
2021-02-11
CVE-2021-23874
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
Known exploited
CVSS Score
8.2
EPSS Score
0.009
Published
2021-02-10
CVE-2021-21148
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Known exploited
CVSS Score
8.8
EPSS Score
0.249
Published
2021-02-09
CVE-2021-22502
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
Known exploited
CVSS Score
9.8
EPSS Score
0.938
Published
2021-02-08
CVE-2021-20016
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
Known exploited
CVSS Score
9.8
EPSS Score
0.78
Published
2021-02-04
CVE-2020-2506
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
Known exploited
CVSS Score
7.3
EPSS Score
0.18
Published
2021-02-03
CVE-2020-25506
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.943
Published
2021-02-02
CVE-2020-29557
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.91
Published
2021-01-29
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Known exploited
CVSS Score
7.8
EPSS Score
0.925
Published
2021-01-26