NVD disclosure day

Published threat advisories for April 17, 2021

CVE-2021-3493

Linux Kernel Privilege Escalation Vulnerability in OverlayFS.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the Linux kernel's overlayfs component allows local attackers to gain elevated privileges. This impacts organizations by potentially compromising system integrity and data confidentiality. The realistic business risk involves unauthorized access and control over affected systems.

NVD published: April 17, 2021 • CISA KEV

CVE advisoryKnown Exploit

CVE-2020-2509

QNAP NAS Command Injection Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A command injection vulnerability affects QNAP QTS and QuTS hero systems, potentially allowing attackers to execute arbitrary commands. This poses a business risk by enabling unauthorized actions on compromised applications. Organizations should identify and mitigate exposure, and apply vendor-provided fixes.

NVD published: April 17, 2021 • CISA KEV