NVD disclosure day
CVE-2021-33045
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Certain Dahua products are affected by an identity authentication bypass vulnerability. Attackers can exploit this by sending malicious data packets, potentially leading to unauthorized access and control of these devices. This poses a business risk to organizations using these systems for security and surveillance.
CVE-2021-33044
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
An authentication bypass vulnerability exists in certain Dahua products, allowing attackers to circumvent identity verification through malicious data packets. This poses a business risk of unauthorized access to systems and data.
CVE-2021-40444
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
Microsoft Windows systems are affected by a remote code execution vulnerability in MSHTML. Attackers can exploit this by using specially crafted Office documents, potentially leading to unauthorized system access and data compromise. The risk to organizations includes disruption of business operations and unauthorized
CVE-2021-38649
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
The Open Management Infrastructure (OMI) has a privilege escalation vulnerability. This could allow an attacker with local access to gain elevated control over affected systems, posing a risk to data confidentiality and system integrity. Organizations using specific Microsoft Azure services should assess their exposure
CVE-2021-38648
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in Open Management Infrastructure (OMI) allows for privilege escalation, potentially impacting system confidentiality, integrity, and availability. This could lead to unauthorized access and control, posing a business risk to affected organizations.
CVE-2021-38647
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
The Open Management Infrastructure component in certain Microsoft Azure services is vulnerable, allowing remote code execution. This poses a risk of unauthorized access and control, potentially leading to data breaches or service disruptions. The primary business risk involves the compromise of affected systems and dat
CVE-2021-38646
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in Microsoft Office Access Connectivity Engine could allow attackers to execute code on affected systems. This impacts organizations using vulnerable versions of Microsoft Office and 365 apps. The business risk includes potential system compromise and data loss.
CVE-2021-38645
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An elevation of privilege vulnerability exists in Microsoft's Open Management Infrastructure. Attackers with local access may escalate privileges, impacting affected systems and data. This poses a business risk due to potential unauthorized access and service disruption.
CVE-2021-36955
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A flaw in the Windows Common Log File System Driver can allow a user with limited access to gain elevated privileges on a system. This could lead to unauthorized access, data compromise, or service disruption, posing a business risk. Organizations should apply vendor security updates to mitigate this vulnerability.