CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-33603 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-33603
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. Se ha detectado una vulnerabilidad de Denegación de Servicio (DoS) en F-Secure Atlant por la que el componente del módulo AVPACK usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos con problemas. La explotación puede ser desencadenada remotamente por un atacante. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40440 – Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-40440
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability Una vulnerabilidad de tipo Cross-site Scripting de Microsoft Dynamics Business Central • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-38659 – Microsoft Office Graphics Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-38659
Microsoft Office Graphics Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Office This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38659 https://www.zerodayinitiative.com/advisories/ZDI-21-1084 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38657 – Microsoft Office Graphics Component Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-38657
Microsoft Office Graphics Component Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Microsoft Office Graphics Component • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38657 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-38656 – Microsoft Word Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-38656
Microsoft Word Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota en Microsoft Word This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. Crafted data in a DOC file can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38656 https://www.zerodayinitiative.com/advisories/ZDI-21-1082 • CWE-416: Use After Free •