Security Vulnerabilities - CVEs Published In February 2021
Microsoft SharePoint Server Spoofing Vulnerability
CVSS Score
8.0
EPSS Score
0.011
Published
2021-02-25
Windows Installer Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.002
Published
2021-02-25
System Center Operations Manager Elevation of Privilege Vulnerability
CVSS Score
8.8
EPSS Score
0.006
Published
2021-02-25
<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p>
<p>This update addresses this vulnerability.</p>
<p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.</p>
CVSS Score
5.4
EPSS Score
0.033
Published
2021-02-25
PFX Encryption Security Feature Bypass Vulnerability
CVSS Score
5.5
EPSS Score
0.005
Published
2021-02-25
CVE-2021-1732
Windows Win32k Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.896
Published
2021-02-25
Sysinternals PsExec Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.003
Published
2021-02-25
Microsoft Windows Security Feature Bypass Vulnerability
CVSS Score
8.8
EPSS Score
0.106
Published
2021-02-25
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVSS Score
3.2
EPSS Score
0.0
Published
2021-02-25
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
CVSS Score
9.8
EPSS Score
0.001
Published
2021-02-25