Active threat advisories and known exploited vulnerabilities.

Critical CVE-2021-22600 Linux · Kernel Added Apr 11, 2022

Linux Kernel Privilege Escalation Vulnerability

Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-2509 QNAP · QNAP Network-Attached Storage (NAS) Added Apr 11, 2022

QNAP Network-Attached Storage (NAS) Command Injection Vulnerability

QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-11317 Telerik · User Interface (UI) for ASP.NET AJAX Added Apr 11, 2022

Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-3156 Sudo · Sudo Added Apr 6, 2022

Sudo Heap-Based Buffer Overflow Vulnerability

Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-31166 Microsoft · HTTP Protocol Stack Added Apr 6, 2022

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-0148 Microsoft · SMBv1 server Added Apr 6, 2022

Microsoft SMBv1 Server Remote Code Execution Vulnerability

The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-22965 VMware · Spring Framework Added Apr 4, 2022

Spring Framework JDK 9+ Remote Code Execution Vulnerability

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-22675 Apple · macOS Added Apr 4, 2022

Apple macOS Out-of-Bounds Write Vulnerability

macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-22674 Apple · macOS Added Apr 4, 2022

Apple macOS Out-of-Bounds Read Vulnerability

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-45382 D-Link · Multiple Routers Added Apr 4, 2022

D-Link Multiple Routers Remote Code Execution Vulnerability

A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-26871 Trend Micro · Apex Central Added Mar 31, 2022

Trend Micro Apex Central Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-1040 Sophos · Firewall Added Mar 31, 2022

Sophos Firewall Authentication Bypass Vulnerability

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-34484 Microsoft · Windows Added Mar 31, 2022

Microsoft Windows User Profile Service Privilege Escalation Vulnerability

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-28799 QNAP · Network Attached Storage (NAS) Added Mar 31, 2022

QNAP NAS Improper Authorization Vulnerability

QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-21551 Dell · dbutil Driver Added Mar 31, 2022

Dell dbutil Driver Insufficient Access Control Vulnerability

Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-10562 Dasan · Gigabit Passive Optical Network (GPON) Routers Added Mar 31, 2022

Dasan GPON Routers Command Injection Vulnerability

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-10561 Dasan · Gigabit Passive Optical Network (GPON) Routers Added Mar 31, 2022

Dasan GPON Routers Authentication Bypass Vulnerability

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-1096 Google · Chromium V8 Added Mar 28, 2022

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-0543 Redis · Debian-specific Redis Servers Added Mar 28, 2022

Debian-specific Redis Server Lua Sandbox Escape Vulnerability

Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-38646 Microsoft · Office Added Mar 28, 2022

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-34486 Microsoft · Windows Added Mar 28, 2022

Microsoft Windows Event Tracing Privilege Escalation Vulnerability

Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-26085 Atlassian · Confluence Server Added Mar 28, 2022

Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-20028 SonicWall · Secure Remote Access (SRA) Added Mar 28, 2022

SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability

SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-7483 SonicWall · SMA100 Added Mar 28, 2022

SonicWall SMA100 Directory Traversal Vulnerability

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-8440 Microsoft · Windows Added Mar 28, 2022

Microsoft Windows Privilege Escalation Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

NVD Detail ↗ CISA KEV ↗ Patch deadline passed