NVD disclosure day

Published threat advisories for October 13, 2021

CVE advisory | Known Exploit

CVE-2021-20124

Draytek VigorConnect File Download Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Draytek VigorConnect allows unauthorized file downloads from the operating system. This could expose sensitive organizational data. Organizations using the affected product face potential business risk due to data exposure and unauthorized access.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-41357

Microsoft Windows Elevation of Privilege Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A privilege escalation vulnerability in Win32k affects Microsoft Windows. This could allow an attacker with local access to gain elevated privileges on a system, potentially leading to unauthorized access and data compromise. The business risk involves loss of system control and data integrity.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-40449

Windows Win32k Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Windows Win32k allows local authenticated users to escalate privileges. This could lead to unauthorized system access and data compromise, increasing business risk. Organizations should apply vendor updates to mitigate this issue.

• CISA KEV