Security Vulnerabilities - Known exploited
CVE-2021-26855
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
9.1
EPSS Score
0.944
Published
2021-03-03
CVE-2021-26857
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.453
Published
2021-03-03
CVE-2021-26858
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.745
Published
2021-03-03
CVE-2021-27065
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.943
Published
2021-03-03
CVE-2021-27876
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.
Known exploited
CVSS Score
8.1
EPSS Score
0.008
Published
2021-03-01
CVE-2021-27877
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
Known exploited
CVSS Score
8.2
EPSS Score
0.455
Published
2021-03-01
CVE-2021-27878
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.
Known exploited
CVSS Score
8.8
EPSS Score
0.016
Published
2021-03-01
CVE-2021-1732
Windows Win32k Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.891
Published
2021-02-25
CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Known exploited
CVSS Score
9.8
EPSS Score
0.938
Published
2021-02-24
CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Known exploited
CVSS Score
5.3
EPSS Score
0.904
Published
2021-02-24