Zero-day vulnerabilities discovered: 89
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in the Phone Apps (restapps) module for FreePBX. A remote attacker can send specially crafted input to the application and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Phone Apps
Links:
https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109
https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
https://community.freepbx.org/t/0-day-freepbx-exploit/80092
Use-after-free
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the V8 engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Embedded malicious code (backdoor)
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to the presence of embedded malicious functionality in the application code (aka a backdoor) within the "/opt/landesk/broker/webroot/lib/csrf-magic.php" file. A remote non-authenticated attacker can set specially crafted cookies and gain unauthorized access to the application.
Note, the vulnerability patched in 2021 by Ivanti is considered a backdoor.
This entry was added only on 19.2.2024. The vulnerability was addressed by the vendor on 02.12.2021; however, it was not disclosed as a backdoor or a zero-day.
Software: Endpoint Manager
Permissions, Privileges, and Access Controls
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect permissions in the Windows Installer service. A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.
The vulnerability exists due to incomplete patch for #VU58061 (CVE-2021-41379).
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Known/famous malware:
Emotet, Trickbot, Bazaloader
Arbitrary file upload
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to insufficient validation of files during file upload in the web management interface. A remote attacker can upload a malicious file and execute it on the server.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability allows multiple APT actors to gain access to an unrestricted file upload function and execute arbitrary code on the system.
Software: IPVPN, MPVPN, WARP
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and execute arbitrary code on the system.
Note, the vulnerability is being exploited in the wild.
Software: Microsoft Office
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42292
Input validation error
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of cmdlet arguments. A remote user can run a specially crafted cmdlet and execute arbitrary commands on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Microsoft Exchange Server
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321
Use-after-free
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Android kernel component within the epoll_loop_check_proc() function. A malicious application can trigger a use-after-free error and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-11-01#2021-11-06-security-patch-level-vulnerability-details
Improperly implemented security check for standard
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Exposed dangerous method or function
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insecure implementation in V8 engine in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
SQL injection
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability allows a remote attacker to cause SQL injection, leading to remote code execution.
Software: BillQuick Web Suite
Use-after-free
The vulnerability allows a local user to escalate privileges on the system.
Software: Windows
Known/famous malware:
MysterySnail
Integer overflow
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger an integer overflow and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT212846
Path traversal
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts.
The vulnerability can be used to execute arbitrary OS commands on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apache HTTP Server
Links:
https://httpd.apache.org/security/vulnerabilities_24.html
Information disclosure
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the core of Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page and gain access to sensitive information.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
Use-after-free
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
Use-after-free
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content within the Portals component in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
Type Confusion
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the XNU subsystem. A local user can run a specially crafted program to trigger a type confusion error and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Links:
https://support.apple.com/en-us/HT212825
Deserialization of Untrusted Data
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insecure input validation when processing serialized data within the Core Telephony service. A local application can pass specially crafted data to the service and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Code Injection
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote administrator can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was used by multiple ransomware gangs to remotely execute code on PPX-AnyLink devices.
Software: PPX-AnyLink 6004, PPX-AnyLink 6006, PPX-AnyLink 6900F, PPX-AnyLink 6900, PPX-AnyLink 6904, PPX-AnyLink 8000
Use-after-free
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Indexed DB API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
Out-of-bounds write
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
Use-after-free
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT212807
Improper access control
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper access restrictions on the "/RestAPI/LogonCustomization" and "/RestAPI/Connection" REST API endpoints. A remote non-authenticated attacker can send specially crafted HTTP requests to the aforementioned REST API endpoints and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Zoho ManageEngine ADSelfService Plus
Links:
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html
Code Injection
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the MSHTML component. A remote attacker can create a specially crafted Office document with a malicious ActiveX control inside, trick the victim into opening the document and execute arbitrary code on the system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild via the FORCEDENTRY tool against Bahraini activists.
The vulnerability is believed to be used against Bahraini activists.
Software: Apple iOS
Known/famous malware:
FORCEDENTRY
Links:
https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows Update Medic Service. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apex One
Links:
https://success.trendmicro.com/solution/000287819
Arbitrary file upload
The vulnerability allows a remote user to compromise a vulnerable system.
The vulnerability exists due to insufficient validation of files during file upload within the product's management console. A remote user can upload a malicious file and execute it on the server.
Note, the vulnerability is being actively exploited in the wild.
Software: Apex One
Links:
https://success.trendmicro.com/solution/000287819
Buffer overflow
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A local application can trigger memory corruption and execute arbitrary code on the target system with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
SQL injection
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was used to compromise WooCommerce plugin.
Software: WooCommerce
Buffer overflow
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31979
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in Microsoft scripting engine. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34448
Buffer overflow
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33771
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send a specially crafted request to the Serv-U server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Microsoft's research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor.
Software: Serv-U FTP Server
Links:
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unspecified error. A remote attacker can compromise the affected system.
Note, the vulnerability is being actively exploited in the wild by the REvil ransomware.
Software: Kaseya VSA
Known/famous malware:
REvil
Links:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
Code Injection
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the RpcAddPrinterDriverEx() function. A remote user can send a specially crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is considered a zero-day and has been dubbed PrintNightmare. This is a different vulnerability than #VU54508 (CVE-2021-1675).
The PoC code for this vulnerability was made publicly available by mistake before the official patch release. The vulnerability is considered a zero-day.
Software: Windows Server
Improper access control
The vulnerability allows a remote attacker to delete all data on the system.
The vulnerability exists due to improper access restrictions to the administrator API. A remote non-authenticated attacker can send a specially crafted HTTP request to the exposed API and perform a system factory restore, deleting all data on the NAS device.
Note, the vulnerability is being actively exploited in the wild along with vulnerability #VU15460.
Software: WD My Book Live Duo, WD My Book Live
Links:
https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo
Use-after-free
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the WebGL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
Use-after-free
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT212548
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT212548
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Security restrictions bypass
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.
Note, the vulnerability is being actively exploited in the wild and related to a zero-day vulnerability in Adobe Reader #VU53125 (CVE-2021-28550) patched on May 11.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201
Security restrictions bypass
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.
Note, the vulnerability is being actively exploited in the wild and related to a zero-day vulnerability in Adobe Reader #VU53125 (CVE-2021-28550) patched on May 11.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199
Improper Privilege Management
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper privilege management within the Microsoft DWM Core Library. A remote attacker can trick the victim to run a specially crafted executable or script and execute arbitrary code on the system.
The vulnerability was reported by DBAPPSecurity Lieying Lab.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within Windows MSHTML Platform. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
The vulnerability was reported by Google's Threat Analysis Group.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742
Permissions, Privileges, and Access Controls
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the NTFS subsystem in Microsoft Windows. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.
The vulnerability was reported to Microsoft by Kaspersky Lab.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955
Improper Privilege Management
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper privilege management. A local unprivileged user can read contents of Kernel memory from a user mode process.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was reported to Microsoft by Kaspersky Lab.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955
Arbitrary file upload
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to insufficient validation of files during file upload in "wp-admin" or "wp-content/plugins/fancy-product-designer/inc". A remote attacker can upload a malicious file and execute it on the server.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was used to upload arbitrary files on the target system.
Software: Fancy Product Designer
Links:
https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
Input validation error
The vulnerability allows a local user to bypass Privacy preferences.
The vulnerability exists due to insufficient validation of user-supplied input within the TCC subsystem. A malicious application can bypass Privacy preferences and gain full disk access, perform screen recording or gain other permissions without requiring the user's explicit consent.
Note, the vulnerability is being actively exploited in the wild by XCSSET malware.
Software: macOS
Known/famous malware:
XCSSET
Links:
https://support.apple.com/en-us/HT212529
https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/
Use-after-free
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Adobe Reader
Links:
https://helpx.adobe.com/security/products/acrobat/apsb21-29.html
Detection of Error Condition Without Action
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the Graphics component. A local user can trigger a new GPU address allocation failure and perform a denial of service attack.
Note, the vulnerability is being used in limited targeted attacks.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-05-01
Use-after-free
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Graphics component when handling memory mapping of multiple processes simultaneously. A local user can escalate privileges on the system.
Note, the vulnerability is being used in limited targeted attacks.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-05-01
Buffer overflow
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. A local application can trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-05-01
Use-after-free
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. A local application can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-05-01
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT212341
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Use-after-free
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Links:
https://support.apple.com/en-us/HT212325
Security features bypass
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a logic issue in the Gatekeeper checks. A remote attacker can create a specially crafted payload that is not checked by Gatekeeper and also bypasses the File Quarantine and Application Notarization protections. As a result, a malicious binary can be executed on the system.
Note, the vulnerability is being actively exploited in the wild.
The Jamf Protect detections team observed this exploit being used in the wild by a variant of the Shlayer adware dropper, as early as January 9th, 2021.
Software: macOS
Known/famous malware:
Shlayer
Path traversal
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences within the "branding" feature. A remote authenticated user can send a specially crafted HTTP request and read arbitrary files on the system with the NT AUTHORITY\SYSTEM account.
Request example:
https://<SonicWall ES host>/dload_apps?action=<any value>&path=..%2F..%2F..%2F..%2F..%2Fwindows%2Fsystem32%2Fcalc.exe&id=update
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was used in a chained attack to compromise the vulnerable systems.
Software: SonicWall On-premise Email Security (ES)
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html
Improper Authentication
The vulnerability allows a remote attacker to bypass authentication process and compromise the affected device.
The vulnerability exists due to multiple issues in the web interface. A remote non-authenticated attacker can bypass the authentication process and gain unauthorized access to the application via the license server web services.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Ivanti Connect Secure (formerly Pulse Connect Secure)
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within win32k.sys driver in Microsoft Windows. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28310
Arbitrary file upload
The vulnerability allows a remote user to compromise the vulnerable system.
The vulnerability exists due to insufficient validation of files uploaded through the branding feature. A remote administrator can upload a malicious ZIP archive whose member filenames contain directory traversal sequences; the members are then written to arbitrary locations on the system, which allows the attacker to compromise it.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was used in a chained attack to compromise the affected system.
Software: SonicWall On-premise Email Security (ES)
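The archive-handling flaw above is the classic "zip slip" pattern: the extractor trusts member names as written. The following Python is an added example, not SonicWall code, showing the check an upload handler should perform before extraction: resolve every member's real target path and reject the whole archive if any member would land outside the destination directory. The archives and member names are constructed here for illustration.

```python
import io
import os
import tempfile
import zipfile


def build_archive(entries):
    """Build an in-memory ZIP from {member_name: bytes}. Constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def unsafe_entries(archive_bytes, dest_dir):
    """Return member names that would be written outside dest_dir.

    The check is on the *resolved* target path, not on the presence of a '..'
    substring, so absolute names, backslash separators and 'a/../../b' forms
    are all caught.
    """
    dest_real = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Absolute paths and drive letters escape the target regardless of '..'
            if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
                bad.append(name)
                continue
            # Treat backslashes as separators, as a Windows host would.
            target = os.path.realpath(os.path.join(dest_real, name.replace("\\", "/")))
            if os.path.commonpath([dest_real, target]) != dest_real:
                bad.append(name)
    return bad


def safe_extract(archive_bytes, dest_dir):
    """Extract only after the whole archive has passed the traversal check.

    Rejecting up front (rather than skipping bad members) means a malicious
    upload leaves nothing behind on disk. Returns the relative paths written.
    """
    bad = unsafe_entries(archive_bytes, dest_dir)
    if bad:
        raise ValueError(f"archive rejected, traversal members: {bad}")
    dest_real = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest_real, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, dest_real))
    return written


# Constructed archives: one benign branding bundle, one carrying zip-slip members.
SAMPLE_GOOD = build_archive({
    "branding/logo.png": b"\x89PNG\r\n\x1a\n",
    "branding/style.css": b"body{}",
})
SAMPLE_EVIL = build_archive({
    "branding/logo.png": b"\x89PNG\r\n\x1a\n",
    "../../../../Windows/System32/evil.dll": b"MZ",            # forward-slash traversal
    "..\\..\\inetpub\\wwwroot\\shell.aspx": b"<%@ Page %>",     # backslash variant
})


def run_demo():
    """Extract both archives into fresh temp dirs and report what happened."""
    result = {}
    with tempfile.TemporaryDirectory() as d:
        result["good_unsafe"] = unsafe_entries(SAMPLE_GOOD, d)
        result["good_written"] = sorted(safe_extract(SAMPLE_GOOD, d))
        result["good_exists"] = os.path.isfile(os.path.join(d, "branding", "logo.png"))
    with tempfile.TemporaryDirectory() as d:
        result["evil_unsafe"] = unsafe_entries(SAMPLE_EVIL, d)
        try:
            safe_extract(SAMPLE_EVIL, d)
            result["evil_rejected"] = False
        except ValueError:
            result["evil_rejected"] = True
        result["evil_dir_empty"] = os.listdir(d) == []   # nothing written before rejection
    return result


if __name__ == "__main__":
    print(run_demo())
```

Python's own `ZipFile.extractall` silently strips `..` components instead of failing, which hides the attack from the operator; an upload endpoint should refuse the archive and log the offending names, as `safe_extract` does. Symlink members and member names with embedded NUL bytes are separate hazards this check does not cover.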
Improper Authentication
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests to the "/createou?data=" form, which is responsible for administration capabilities, specifically the feature that allows application administrators to authorize an additional administrator account from a separate Microsoft Active Directory Organizational Unit (AD OU). Requests to this form are not verified to require prior authentication to the appliance. A remote non-authenticated attacker can send a specially crafted XML document via an HTTP GET or POST request, create a "role.ouadmin" account and authenticate to the application as an administrator.
Note, the vulnerability is being actively exploited in the wild.
Software: SonicWall On-premise Email Security (ES)
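The two SonicWall ES web flaws in this list, the `dload_apps` path traversal with its request example above and the unauthenticated `/createou` administrator creation, both leave a distinctive trace in web-server access logs. The following Python is an added example, not from the advisory or from SonicWall, that scans constructed access-log lines for both shapes: it URL-decodes the `path` parameter repeatedly so double-encoded traversal is not missed, treats a 200 response on a traversal path as a confirmed file read, and correlates sources that did both, which is the chained attack described. The log layout, IP addresses and finding names are assumptions; real SonicWall ES logs look different.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in a generic combined-log layout (an assumption; the
# advisory does not show the appliance's real log format). Only the request
# targets follow the shapes described in the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Apr/2021:10:01:12 +0000] "GET /dload_apps?action=x&path=..%2F..%2F..%2F..%2F..%2Fwindows%2Fsystem32%2Fcalc.exe&id=update HTTP/1.1" 200 27648
203.0.113.7 - - [20/Apr/2021:10:01:30 +0000] "POST /createou?data=%3Cxml%3E HTTP/1.1" 200 512
198.51.100.4 - - [20/Apr/2021:10:02:05 +0000] "GET /dload_apps?action=x&path=branding%2Flogo.png&id=update HTTP/1.1" 200 1024
198.51.100.4 - - [20/Apr/2021:10:02:40 +0000] "GET /login HTTP/1.1" 200 2048
203.0.113.7 - - [20/Apr/2021:10:03:01 +0000] "GET /dload_apps?action=x&path=%252e%252e%5c%252e%252e%5cwindows%5cwin.ini&id=update HTTP/1.1" 404 92
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# A '..' path component delimited by either separator (or the string ends).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded forms such as %252e%252e are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(path_value):
    return bool(TRAVERSAL_RE.search(decode_fully(path_value)))


def analyse(line):
    """Return a finding dict for one log line, or None if nothing suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    params = parse_qs(url.query, keep_blank_values=True)   # applies one decoding round
    findings = []
    if url.path == "/dload_apps":
        for raw in params.get("path", []):
            if has_traversal(raw):
                findings.append(("dload_apps_traversal", decode_fully(raw)))
    if url.path == "/createou":
        # The form needs no prior authentication, so every hit is worth a look;
        # a POST body is not in the access log, so flag the request itself.
        findings.append(("createou_admin_create", m["method"]))
    if not findings:
        return None
    return {
        "src": m["src"],
        "ts": m["ts"],
        "status": int(m["status"]),
        "confirmed": m["status"] == "200",   # 200 on a traversal path: the read succeeded
        "findings": findings,
    }


def scan(log_text):
    return [hit for hit in map(analyse, log_text.splitlines()) if hit]


def attackers(log_text):
    """Sources seen doing both steps of the chain: file read via dload_apps and createou."""
    by_src = {}
    for hit in scan(log_text):
        by_src.setdefault(hit["src"], set()).update(kind for kind, _ in hit["findings"])
    return sorted(src for src, kinds in by_src.items()
                  if {"dload_apps_traversal", "createou_admin_create"} <= kinds)


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print("chained:", attackers(SAMPLE_LOG))
```

Matching on the decoded `path` value rather than on the literal `..%2F` string matters: the fifth sample line uses `%252e%252e%5c`, which a single-decode rule misses. The `/createou` rule is deliberately broad; on a real appliance, compare hits against the admin addresses that are expected to use that form.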
Universal cross-site scripting
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the WebKit engine. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of an arbitrary website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT212256
Use-after-free
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Improper Authentication
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass the authentication process and gain administrative access to the application.
Note, the vulnerability is being actively exploited in the wild.
Software: The Plus Addons for Elementor Page Builder
Links:
https://www.wordfence.com/blog/2021/03/critical-0-day-in-the-plus-addons-for-elementor-allows-site-takeover/
Use-after-free
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dpu driver. A local application can trigger the use-after-free and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Samsung Mobile Firmware
Links:
https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html
Improper access control
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions to the sec_log file. A local application can read the log file and obtain sensitive system information.
Note, the vulnerability is being actively exploited in the wild.
Software: Samsung Mobile Firmware
Links:
https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html
Permissions, Privileges, and Access Controls
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access control in clipboard service. A local application can use the clipboard service to read and write arbitrary files on the device.
Note, the vulnerability is being actively exploited in the wild.
Software: Samsung Mobile Firmware
Links:
https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html
Security restrictions bypass
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the BIOS firmware for the X10 UP-series (H3 single-socket "Denlow") motherboards does not properly impose security restrictions, so the firmware can be modified from the running system. A local user can plant malware in the motherboard firmware and establish permanent persistence on the system, surviving even an OS reinstall.
Note, the vulnerability is being actively exploited in the wild by the TrickBoot malware.
Software: X10SLL-S/-SF, X10SL7-F, X10SLA-F, X10SLM+-LN4F, X10SLM+-F, X10SLL+-F, X10SLM-F, X10SLL-F, X10SLH-F
Known/famous malware:
TrickBoot
Links:
https://www.supermicro.com/en/support/security/Trickbot
Server-Side Request Forgery (SSRF)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to the Microsoft Exchange OWA interface, upload an arbitrary file to the server and execute it.
Note, this vulnerability is being actively exploited in the wild.
Software: Microsoft Exchange Server
Input validation error
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Note, this vulnerability is being actively exploited in the wild.
Software: Microsoft Exchange Server
Input validation error
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Note, this vulnerability is being actively exploited in the wild.
Software: Microsoft Exchange Server
Input validation error
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Note, this vulnerability is being actively exploited in the wild.
Software: Microsoft Exchange Server
Improper control of a resource through its lifetime
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper control of object lifetime in audio in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Adobe Reader
Links:
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Win32k.sys driver in the Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1732
Double Free
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing ".mht" files. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was used by the Lazarus group to target security researchers worldwide.
Software: Microsoft Internet Explorer
Links:
https://enki.co.kr/blog/2021/02/04/ie_0day.html
https://twitter.com/dnpushme/status/1357264755333816320
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
Business Logic Errors
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.
Note: The vulnerability is being actively exploited in the wild.
Software: Apple iOS, iPadOS
Business Logic Errors
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.
Note: The vulnerability is being actively exploited in the wild.
Software: Apple iOS, iPadOS
Race condition
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in the Kernel component. A malicious application running on the device can win the race and escalate privileges on the system.
Note: The vulnerability is being actively exploited in the wild.
Software: Apple iOS, iPadOS
SQL injection
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote non-authenticated attacker can send a specially crafted HTTP request to the SSL-VPN appliance and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to access usernames, passwords and other session related information.
Note, the vulnerability is being actively exploited in the wild.
SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting zero-day vulnerabilities on certain SonicWall secure remote access products.
At this point both SMA 100 and NetExtender VPN Client are considered affected. Investigation of the incident is still ongoing.
Software: SMA 100
Links:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001
https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows Defender
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647
SQL injection
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data passed to the web interface. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
Note, the vulnerability was actively exploited in the wild in mid-December 2020 and January 2021.
The vulnerability was used to compromise several organizations worldwide, including the Reserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), the law firm Allens, the University of Colorado, the Washington State Auditor's Office, the QIMR Berghofer Medical Research Institute and Singtel.
The attacks were detected in mid-December 2020 and continued into January 2021.
Software: Accellion FTA
Links:
https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/