Security Vulnerabilities - Known exploited
CVE-2021-22899
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
Known exploited
CVSS Score
8.8
EPSS Score
0.159
Published
2021-05-27
CVE-2021-22900
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Known exploited
CVSS Score
7.2
EPSS Score
0.007
Published
2021-05-27
CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2021-05-26
CVE-2021-27562
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
Known exploited
CVSS Score
5.5
EPSS Score
0.445
Published
2021-05-25
CVE-2021-29256
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
Known exploited
CVSS Score
8.8
EPSS Score
0.005
Published
2021-05-24
CVE-2021-28799
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .
Known exploited
CVSS Score
10.0
EPSS Score
0.908
Published
2021-05-13
CVE-2021-31207
Microsoft Exchange Server Security Feature Bypass Vulnerability
Known exploited
CVSS Score
6.6
EPSS Score
0.94
Published
2021-05-11
CVE-2021-31166
HTTP Protocol Stack Remote Code Execution Vulnerability
Known exploited
CVSS Score
9.8
EPSS Score
0.931
Published
2021-05-11
CVE-2021-28663
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
Known exploited
CVSS Score
8.8
EPSS Score
0.027
Published
2021-05-10
CVE-2021-28664
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.
Known exploited
CVSS Score
8.8
EPSS Score
0.002
Published
2021-05-10