NVD disclosure day

Published threat advisories for January 10, 2022

CVE advisoryKnown Exploit

CVE-2022-22265

Android NPU Driver Vulnerability Allows Memory Write and Code Execution.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the NPU driver can allow unauthorized memory writes and code execution. This impacts affected mobile devices, potentially leading to data compromise and operational disruption. The business risk involves unauthorized access and data breaches, requiring the implementation of vendor security updates.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2021-35247

SolarWinds Serv-U Web Authentication Input Validation Flaw

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Serv-U's web login screen accepted unsanitized characters, creating a risk of unauthorized data modification. While downstream systems mitigated the impact, organizations using affected versions should update to ensure proper input validation.

NVD published: • CISA KEV