Dec 22, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-21903 Garrett iC Module CMA Buffer Overflow

  • CVSS 9.8

New critical Garrett iC Module CMA Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-21952 Anker Eufy Homebase 2 Firmware Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Anker Eufy Homebase 2 Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-39306 Realtek RTL8195AM Firmware Buffer Overflow

  • CVSS 9.8

New critical Realtek RTL8195AM Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2020-20601 CVSS 9.8

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.

CVE-2021-21903 CVSS 9.8

A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0.

CVE-2021-21952 CVSS 9.8

An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eu...

CVE-2021-38013 CVSS 9.6

Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had comp...

CVE-2021-39306 CVSS 9.8

A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a b...

CVE-2021-40393 CVSS 9.8

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit...

CVE-2021-40394 CVSS 9.8

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit...

CVE-2021-40417 CVSS 9.8

When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that...

CVE-2021-40418 CVSS 9.8

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a proper...

CVE-2021-45461 CVSS 9.8

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to e...


cvelogic Threat Intelligence