Nov 10, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-40519 Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2020-23873 pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.

  • CVSS 9.8

New critical Science-miner Pdf2xml Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-23874 Science-miner Pdf2xml Buffer Overflow

  • CVSS 9.8

New critical Science-miner Pdf2xml Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-23873 CVSS 9.8

pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.

CVE-2020-23874 CVSS 9.8

pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.

CVE-2020-23877 CVSS 9.8

pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.

CVE-2020-23878 CVSS 9.8

pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.

CVE-2021-3064 CVSS 9.8

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticate...

CVE-2021-33816 CVSS 9.8

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which sys...

CVE-2021-40519 CVSS 10

Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.

CVE-2021-40520 CVSS 9.8

Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.

CVE-2021-40521 CVSS 9.8

Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.

CVE-2021-43573 CVSS 9.8

A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10.

View critical disclosures

cvelogic Threat Intelligence