NVD disclosure day

Published threat advisories for June 11, 2021

CVE advisory | Known Exploit

CVE-2021-22175

GitLab Webhook Server-Side Request Forgery Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A server-side request forgery vulnerability in GitLab enables unauthenticated attackers to make unauthorized requests to an organization's internal network. This could expose sensitive systems and data, leading to operational disruption and potential breaches. The business risk involves unauthorized access to internal

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-25395

Samsung Android Race Condition Bypass

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A race condition in the MFC charger driver on certain Samsung Android devices allows local attackers with compromised radio privileges to bypass signature checks. This could impact affected devices by allowing unauthorized system and data access. The business risk is associated with potential data integrity and system

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-25394

Samsung Android Devices: Data Write Risk in Charger Driver

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Samsung Android devices' MFC charger driver permits unauthorized data writing when a race condition occurs. This requires compromised radio privileges, posing a risk to data integrity and system security. Organizations should prioritize applying vendor updates to mitigate this internal threat.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-26829

OpenPLC ScadaBR Stored Cross-Site Scripting Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A stored cross-site scripting vulnerability exists in OpenPLC ScadaBR, potentially allowing attackers to inject malicious code via system settings. This can impact system integrity and data confidentiality, affecting organizations by risking unauthorized access or data manipulation.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-26828

ScadaBR Remote Code Execution Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in OpenPLC ScadaBR permits authenticated users to upload and execute JSP files, potentially leading to unauthorized code execution. This can affect system integrity and data confidentiality for organizations. The risk to business operations and sensitive data is high.

• CISA KEV