Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 89

Remote code execution in FreePBX Phone Apps module
CVE-2021-45461

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in the Phone Apps (restapps) module for FreePBX. A remote attacker can send specially crafted input to the application and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Phone Apps

Multiple vulnerabilities in Google Chrome
CVE-2021-4102

Use-after-free

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the V8 engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Code injection in Ivanti Endpoint Manager
CVE-2021-44529

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to the presence of embedded malicious functionality in the application code (aka backdoor) within the "/opt/landesk/broker/webroot/lib/csrf-magic.php" file. A remote non-authenticated attacker can set specially crafted cookies and gain unauthorized access to the application.

Note, the vulnerability patched in 2021 by Ivanti is considered a backdoor.

This entry was added only on 19.2.2024. The vulnerability was addressed by the vendor on 02.12.2021; however, it was not disclosed as a backdoor or a zero-day.

Software: Endpoint Manager

Privilege escalation in Microsoft Windows
CVE-2021-43890

Permissions, Privileges, and Access Controls

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect permissions in the Windows Installer service. A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.

The vulnerability exists due to incomplete patch for #VU58061 (CVE-2021-41379).

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Known/famous malware:

Emotet, Trickbot, Bazaloader

Arbitrary file upload in FatPipe WARP, MPVPN and IPVPN

Arbitrary file upload

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to insufficient validation of files during upload in the web management interface. A remote attacker can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

The vulnerability allows multiple APT actors to gain access to an unrestricted file upload function and execute arbitrary code on the system.

Software: IPVPN, MPVPN, WARP

Remote code execution in Microsoft Excel
CVE-2021-42292

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and execute arbitrary code on the system.

Note, the vulnerability is being exploited in the wild.

Software: Microsoft Office

Remote code execution in Microsoft Exchange Server
CVE-2021-42321

Input validation error

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of cmdlet arguments. A remote user can run a specially crafted cmdlet and execute arbitrary commands on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Privilege escalation in Google Android
CVE-2021-1048

Use-after-free

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Android kernel component within the epoll_loop_check_proc() function. A malicious application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

Multiple vulnerabilities in Google Chrome
CVE-2021-38003

Improperly implemented security check for standard

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an incorrect implementation in the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Google Chrome
CVE-2021-38000

Exposed dangerous method or function

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an insecure implementation in the V8 engine in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

SQL injection in BQE BillQuick Web Suite
CVE-2021-42258

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild.

The vulnerability allows a remote attacker to cause SQL injection, leading to remote code execution.

Software: BillQuick Web Suite

Privilege escalation in Microsoft Windows kernel
CVE-2021-40449

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k NtGdiResetDC function in Microsoft Windows kernel. A local user can run a specially crafted program to trigger a use-after-free error, when the function ResetDC is executed a second time for the same handle during execution of its own callback, and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan (RAT).

The attacks were noticed in late August and September 2021.

Software: Windows

Known/famous malware:

MysterySnail

Privilege escalation in Apple iOS and iPadOS
CVE-2021-30883

Integer overflow

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger an integer overflow and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apache HTTP Server
CVE-2021-41773

Path traversal

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts.

The vulnerability can be used to execute arbitrary OS commands on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apache HTTP Server

Multiple vulnerabilities in Google Chrome
CVE-2021-37976

Information disclosure

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the core component of Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page and gain access to sensitive information.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Google Chrome
CVE-2021-37975

Use-after-free

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Google Chrome
CVE-2021-37973

Use-after-free

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content within the Portals component in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Privilege escalation in Apple macOS Catalina
CVE-2021-30869

Type Confusion

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the XNU subsystem. A local user can run a specially crafted program to trigger a type confusion error and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in Apple macOS Big Sur
CVE-2021-31010

Deserialization of Untrusted Data

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation when processing serialized data within the Core Telephony service. A local application can pass specially crafted data to the service and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Remote code execution in EntroLink PPX-AnyLink devices

Code Injection

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote administrator can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.
Not patched

The vulnerability was used by multiple ransomware gangs to remotely execute code on PPX-AnyLink devices.

Software: PPX-AnyLink 6004, PPX-AnyLink 6006, PPX-AnyLink 6900F, PPX-AnyLink 6900, PPX-AnyLink 6904, PPX-AnyLink 8000

Multiple vulnerabilities in Google Chrome
CVE-2021-30633

Use-after-free

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the Indexed DB API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Google Chrome
CVE-2021-30632

Out-of-bounds write

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Apple iOS
CVE-2021-30858

Use-after-free

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Remote code execution in Zoho ADSelfService Plus
CVE-2021-40539

Improper access control

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions to the "/RestAPI/LogonCustomization" and "/RestAPI/Connection" REST API endpoints. A remote non-authenticated attacker can send specially crafted HTTP requests to the aforementioned REST API endpoints and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Zoho ManageEngine ADSelfService Plus

Remote code execution in Microsoft MSHTML
CVE-2021-40444

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the MSHTML component. A remote attacker can create a specially crafted Office document with a malicious ActiveX control inside, trick the victim into opening the document and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Apple iOS
CVE-2021-30860

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild via the FORCEDENTRY tool against Bahraini activists.

The vulnerability is believed to be used against Bahraini activists.

Software: Apple iOS

Known/famous malware:

FORCEDENTRY

Privilege escalation in Microsoft Windows Update Medic Service
CVE-2021-36948

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Update Medic Service. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Trend Micro Apex One
CVE-2021-36742

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apex One

Multiple vulnerabilities in Trend Micro Apex One
CVE-2021-36741

Arbitrary file upload

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of files during upload within the product's management console. A remote user can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

Software: Apex One

Privilege escalation in Apple iOS and iPadOS
CVE-2021-30807

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A local application can trigger memory corruption and execute arbitrary code on the target system with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Google Chrome
CVE-2021-30563

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

SQL injection in WooCommerce and WooCommerce Blocks plugin
CVE-2021-32789

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild.

The vulnerability was used to compromise the WooCommerce plugin.

Software: WooCommerce

Privilege escalation in Microsoft Windows kernel
CVE-2021-31979

Buffer overflow

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Microsoft Scripting Engine
CVE-2021-34448

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in Microsoft scripting engine. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows kernel
CVE-2021-33771

Buffer overflow

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in SolarWinds Serv-U
CVE-2021-35211

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can send a specially crafted request to the Serv-U server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Microsoft's research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor.

Software: Serv-U FTP Server

Remote code execution in Kaseya VSA
CVE-2021-30116

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unspecified error. A remote attacker can compromise the affected system.

Note, the vulnerability is being actively exploited in the wild by the REvil ransomware.

Not patched

Software: Kaseya VSA

Known/famous malware:

REvil

Remote code execution in Microsoft Windows Print Spooler
CVE-2021-34527

Code Injection

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the RpcAddPrinterDriverEx() function. A remote user can send a specially crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being considered a zero-day and dubbed PrintNightmare. This is a different vulnerability than #VU54508 (CVE-2021-1675).

The PoC code for this vulnerability was made publicly available by mistake before the official patch release. The vulnerability is considered a zero-day.

Software: Windows Server

Improper access control in WD My Book Live and WD My Book Live Duo
CVE-2021-35941

Improper access control

The vulnerability allows a remote attacker to delete all data on the system.

The vulnerability exists due to improper access restrictions to the administrator API. A remote non-authenticated attacker can send a specially crafted HTTP request to the exposed API and perform a system factory restore, deleting all data on the NAS device.

Note, the vulnerability is being actively exploited in the wild along with vulnerability #VU15460.

Not patched

Software: WD My Book Live Duo, WD My Book Live

Multiple vulnerabilities in Google Chrome
CVE-2021-30554

Use-after-free

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the WebGL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Apple iOS 12
CVE-2021-30762

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 12
CVE-2021-30761

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Google Chrome
CVE-2021-30551

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Privilege escalation in Microsoft Enhanced Cryptographic Provider
CVE-2021-31201

Security restrictions bypass

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.

Note, the vulnerability is being actively exploited in the wild and related to a zero-day vulnerability in Adobe Reader #VU53125 (CVE-2021-28550) patched on May 11.

Software: Windows

Privilege escalation in Microsoft Enhanced Cryptographic Provider
CVE-2021-31199

Security restrictions bypass

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.

Note, the vulnerability is being actively exploited in the wild and related to a zero-day vulnerability in Adobe Reader #VU53125 (CVE-2021-28550) patched on May 11.

Software: Windows

Remote code execution in Microsoft DWM Core Library
CVE-2021-33739

Improper Privilege Management

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper privilege management within the Microsoft DWM Core Library. A remote attacker can trick the victim to run a specially crafted executable or script and execute arbitrary code on the system.

The vulnerability was reported by DBAPPSecurity Lieying Lab.

Software: Windows

Remote code execution in Windows MSHTML Platform
CVE-2021-33742

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within Windows MSHTML Platform. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

The vulnerability was reported by Google's Threat Analysis Group.

Software: Windows

Privilege escalation in Microsoft Windows NTFS
CVE-2021-31956

Permissions, Privileges, and Access Controls

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists within the NTFS subsystem in Microsoft Windows. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

The vulnerability was reported to Microsoft by Kaspersky Lab.

Software: Windows

OS kernel information disclosure in Microsoft Windows
CVE-2021-31955

Improper Privilege Management

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper privilege management. A local unprivileged user can read the contents of kernel memory from a user-mode process.

Note, the vulnerability is being actively exploited in the wild.

The vulnerability was reported to Microsoft by Kaspersky Lab.

Software: Windows

Arbitrary file upload in Fancy Product Designer plugin for WordPress
CVE-2021-24370

Arbitrary file upload

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to insufficient validation of files during upload in "wp-admin" or "wp-content/plugins/fancy-product-designer/inc". A remote attacker can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

The vulnerability was used to upload arbitrary files on the target system.

Software: Fancy Product Designer

Multiple vulnerabilities in Apple macOS Big Sur
CVE-2021-30713

Input validation error

The vulnerability allows a local user to bypass Privacy preferences.

The vulnerability exists due to insufficient validation of user-supplied input within the TCC subsystem. A malicious application can bypass Privacy preferences and gain full disk access, perform screen recording or gain other permissions without requiring the user's explicit consent.

Note, the vulnerability is being actively exploited in the wild by XCSSET malware.

Software: macOS

Known/famous malware:

XCSSET

Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2021-28550

Use-after-free

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Adobe Reader

Multiple vulnerabilities in Google Android
CVE-2021-1906

Detection of Error Condition Without Action

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the Graphics component. A local user can trigger a new GPU address allocation failure and perform a denial of service attack.

Note, the vulnerability is being used in limited targeted attacks.

Software: Google Android

Multiple vulnerabilities in Google Android
CVE-2021-1905

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Graphics component when handling memory mapping of multiple processes simultaneously. A local user can escalate privileges on the system.

Note, the vulnerability is being used in limited targeted attacks.

Software: Google Android

Multiple vulnerabilities in Google Android
CVE-2021-28664

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. A local application can trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

Multiple vulnerabilities in Google Android
CVE-2021-28663

Use-after-free

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. A local application can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

Multiple vulnerabilities in Apple iOS 12.x
CVE-2021-30666

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple macOS
CVE-2021-30663

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in Apple macOS
CVE-2021-30665

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in macOS
CVE-2021-30661

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in macOS
CVE-2021-30657

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic issue within the Gatekeeper checks. A remote attacker can craft a specially crafted payload that is not checked by Gatekeeper and bypasses File Quarantine and Application Notarization protections as well. As a result, a malicious binary can be executed on the system.

Note, the vulnerability is being actively exploited in the wild.

The Jamf Protect detections team observed this exploit being used in the wild by a variant of the Shlayer adware dropper, as early as January 9th, 2021.

Software: macOS

Known/famous malware:

Shlayer

Path traversal in SonicWall Email Security
CVE-2021-20023

Path traversal

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences within the "branding" feature. A remote authenticated user can send a specially crafted HTTP request and read arbitrary files on the system with the NT AUTHORITY\SYSTEM account.

Request example:

https://<SonicWall ES host>/dload_apps?action=<any value>&path=..%2F..%2F..%2F..%2F..%2Fwindows%2Fsystem32%2Fcalc.exe&id=update

Note, the vulnerability is being actively exploited in the wild.

The vulnerability was used in a chained attack to compromise the vulnerable systems.

Software: SonicWall On-premise Email Security (ES)

Multiple vulnerabilities in Google Chrome
CVE-2021-21224

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Pulse Connect Secure
CVE-2021-22893

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process and compromise the affected device.

The vulnerability exists due to multiple issues in web interface. A remote non-authenticated attacker can bypass authentication process and gain unauthorized access to the application via license server web services.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Pulse Connect Secure

Privilege escalation in Microsoft Windows
CVE-2021-28310

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within win32k.sys driver in Microsoft Windows. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in SonicWall On-premise Email Security (ES) and Hosted Email Security (HES)
CVE-2021-20022

Arbitrary file upload

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the branding feature. A remote administrator can upload a malicious ZIP archive to the system to an arbitrary location using directory traversal sequences in the filenames inside the uploaded archive and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

The vulnerability was used in a chained attack to compromise the affected system.

Software: SonicWall On-premise Email Security (ES)

Multiple vulnerabilities in SonicWall On-premise Email Security (ES) and Hosted Email Security (HES)
CVE-2021-20021

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests within the "/createou?data=" form, which is responsible for administration capabilities, specifically the feature that allows application administrators to authorize an additional administrator account from a separate Microsoft Active Directory Organization Unit (AD OU). Requests to this form are not verified to require previous authentication to the appliance. A remote non-authenticated attacker can send a specially crafted XML document via the HTTP GET or POST method, create a "role.ouadmin" account and authenticate to the application as an administrator.

Note, the vulnerability is being actively exploited in the wild.

The vulnerability was used in a chained attack along with two other post-authentication vulnerabilities #VU52039 and #VU52377 to fully compromise the affected system.

Software: SonicWall On-premise Email Security (ES)

Universal XSS in Apple iOS
CVE-2021-1879

Universal cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the WebKit engine. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of arbitrary website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Google Chrome
CVE-2021-21193

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Blink component in Google Chrome. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Software: Google Chrome

Authentication bypass in The Plus Addons for Elementor for WordPress
CVE-2021-24175

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass the authentication process and gain administrative access to the application.

Note, the vulnerability is being actively exploited in the wild.

Software: The Plus Addons for Elementor Page Builder

Multiple vulnerabilities in Samsung Mobile Firmware
CVE-2021-25370

Use-after-free

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the dpu driver. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Samsung Mobile Firmware

Multiple vulnerabilities in Samsung Mobile Firmware
CVE-2021-25369

Improper access control

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions to the sec_log file. A local application can read the log file and obtain sensitive system information.

Note, the vulnerability is being actively exploited in the wild.

Software: Samsung Mobile Firmware

Multiple vulnerabilities in Samsung Mobile Firmware
CVE-2021-25337

Permissions, Privileges, and Access Controls

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access control in clipboard service. A local application can use the clipboard service to read and write arbitrary files on the device.

Note, the vulnerability is being actively exploited in the wild.

Software: Samsung Mobile Firmware

Security restrictions bypass in Supermicro X10 UP-series Denlow motherboards

Security restrictions bypass

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the BIOS firmware for the X10 UP-series (H3 Single Socket "Denlow") motherboards does not properly impose security restrictions. A local user can plant malware into the motherboard firmware and establish permanent persistence on the system, even if the OS is reinstalled.

Note, the vulnerability is being actively exploited in the wild by the TrickBoot malware.

Software: X10SLL-S/-SF, X10SL7-F, X10SLA-F, X10SLM+-LN4F, X10SLM+-F, X10SLL+-F, X10SLM-F, X10SLL-F, X10SLH-F

Known/famous malware:

TrickBoot

Multiple vulnerabilities in Microsoft Exchange Server
CVE-2021-26855

Server-Side Request Forgery (SSRF)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP request to the Microsoft Exchange OWA interface, upload arbitrary file on the server and execute it.

Note, this vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Multiple vulnerabilities in Microsoft Exchange Server
CVE-2021-26857

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.

Note, this vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Multiple vulnerabilities in Microsoft Exchange Server
CVE-2021-26858

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.

Note, this vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Multiple vulnerabilities in Microsoft Exchange Server
CVE-2021-27065

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.

Note, this vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Multiple vulnerabilities in Google Chrome
CVE-2021-21166

Improper control of a resource through its lifetime

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper control of object lifetime in audio in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2021-21017

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Adobe Reader

Privilege escalation in Microsoft Windows
CVE-2021-1732

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k.sys driver in the Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Microsoft Internet Explorer
CVE-2021-26411

Double Free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing ".mht" files. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

The vulnerability was used by the Lazarus group to target security researchers worldwide.

Software: Microsoft Internet Explorer

Remote code execution in Google Chrome
CVE-2021-21148

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2021-1870

Business Logic Errors

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.

Note: The vulnerability is being actively exploited in the wild.

Software: Apple iOS, iPadOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2021-1871

Business Logic Errors

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.

Note: The vulnerability is being actively exploited in the wild.

Software: Apple iOS, iPadOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2021-1782

Race condition

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in the Kernel component. A remote attacker can use a malicious application and escalate privileges on the system.

Note: The vulnerability is being actively exploited in the wild.

Software: Apple iOS, iPadOS

SQL injection in SonicWall SMA100
CVE-2021-20016

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote non-authenticated attacker can send a specially crafted HTTP request to the SSL-VPN appliance and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to access usernames, passwords and other session related information.

Note, the vulnerability is being actively exploited in the wild.

SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting zero-day vulnerabilities on certain SonicWall secure remote access products.

At this point both SMA 100 and NetExtender VPN Client are considered affected. Investigation of the incident is still ongoing.

Software: SMA 100

Remote code execution in Microsoft Defender
CVE-2021-1647

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows Defender

SQL injection in Accellion FTA

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data passed to the web interface. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, the vulnerability was actively exploited in the wild in mid-December 2020 and January 2021.

The vulnerability was used to compromise several companies worldwide, such as Reserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), law firm Allens, the University of Colorado, the Washington State Auditor Office, and the QIMR Berghofer Medical Research Institute and Singtel.

The attacks were detected in mid-December 2020 and continued into January 2021.

Software: Accellion FTA
