NVD disclosure day

Published threat advisories for April 23, 2021

CVE advisory | Known Exploit

CVE-2021-22205

GitLab Remote Command Execution Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

GitLab instances accepting image uploads are affected by a remote command execution vulnerability. This allows attackers to run unauthorized commands, potentially compromising systems and data, posing a significant business risk. Organizations should identify all instances and apply vendor updates.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-22893

Pulse Connect Secure Authentication Bypass Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Ivanti Pulse Connect Secure allows unauthenticated remote code execution, impacting systems and data. The exploit has been observed in the wild, posing a significant business risk. Affected organizations should identify and isolate exposed assets, apply vendor fixes, and monitor for related issues.

• CISA KEV