NVD disclosure day

Published threat advisories for January 28, 2022

CVE-2021-4034

Polkit pkexec Local Privilege Escalation

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the polkit pkexec utility allows local users to gain administrative privileges. This flaw can enable an unprivileged user to execute arbitrary code, potentially impacting system security and data integrity. Organizations should review their systems for this vulnerability.

NVD published: January 28, 2022 • CISA KEV

CVE advisoryKnown Exploit

CVE-2021-40407

Reolink Camera Command Injection Vulnerability.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An OS command injection vulnerability exists in the network settings of Reolink RLC-410W devices, allowing attackers to execute commands via HTTP requests. This could lead to unauthorized access and control of the affected device.

NVD published: January 28, 2022 • CISA KEV