Security Vulnerabilities - Known exploited
CVE-2021-21224
Known exploited
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.469
Published
2021-04-26
CVE-2021-22204
Known exploited
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.
CVSS Score
6.8
EPSS Score
0.929
Published
2021-04-23
CVE-2021-22205
Known exploited
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser, which resulted in remote command execution.
CVSS Score
10.0
EPSS Score
0.945
Published
2021-04-23
CVE-2021-22893
Known exploited
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
CVSS Score
10.0
EPSS Score
0.936
Published
2021-04-23
CVE-2021-20023
Known exploited
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
CVSS Score
4.9
EPSS Score
0.427
Published
2021-04-20
CVE-2021-3493
Known exploited
The overlayfs implementation in the Linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
CVSS Score
8.8
EPSS Score
0.752
Published
2021-04-17
CVE-2020-2509
Known exploited
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later; QTS 4.5.1.1495 Build 20201123 and later; QTS 4.3.6.1620 Build 20210322 and later; QTS 4.3.4.1632 Build 20210324 and later; QTS 4.3.3.1624 Build 20210416 and later; QTS 4.2.6 Build 20210327 and later; QuTS hero h4.5.1.1491 build 20201119 and later.
CVSS Score
9.8
EPSS Score
0.84
Published
2021-04-17
CVE-2021-28310
Known exploited
Win32k Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.54
Published
2021-04-13
CVE-2021-20021
Known exploited
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
CVSS Score
9.8
EPSS Score
0.917
Published
2021-04-09
CVE-2021-20022
Known exploited
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
CVSS Score
7.2
EPSS Score
0.2
Published
2021-04-09



Shodan ® - All rights reserved