NVD disclosure day

Published threat advisories for February 11, 2022

CVE advisory | Known Exploit

CVE-2021-4102

Google Chrome V8 Use-After-Free Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Google Chrome's V8 engine can allow attackers to exploit heap corruption via a crafted HTML page. This could impact system integrity and availability, posing a risk to organizations. The issue is listed in the known exploited vulnerabilities catalog.

• CISA KEV

CVE advisory | Known Exploit

CVE-2022-0185

Linux Kernel Local Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A Linux kernel vulnerability allows a local user to escalate privileges by exploiting a flaw in parameter length verification within the Filesystem Context functionality. This can lead to unauthorized elevated access on a compromised system. The realistic business risk involves potential unauthorized system control and

• CISA KEV

CVE advisory | Known Exploit

CVE-2022-24112

Apache APISIX Remote Code Execution Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Apache APISIX, an API gateway, has a vulnerability allowing remote code execution by bypassing IP restrictions on the Admin API. This impacts organizations using Apache APISIX, potentially leading to unauthorized system access and control. Attackers can exploit this by abusing the batch-requests plugin.

• CISA KEV