【Vulnerability Alert】CISA Added 7 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/02–2026/03/08)

Publish date: 2026-03-13
Update date: 2026-03-13

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2026031004035050
Publication Time: 2026/03/10 16:18
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026/03/10 16:18
Impact Level: Low

[Subject]
【Vulnerability Alert】CISA Added 7 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/02–2026/03/08)

[Content]
Forwarded from TWCERTCC-200-202603-00000007

【CVE-2026-22719】Broadcom VMware Aria Operations Command Injection Vulnerability (CVSS v3.1: 8.1)

【Whether Exploited by Ransomware: Unknown】 Broadcom VMware Aria Operations contains a command injection vulnerability. An unauthenticated attacker can exploit this vulnerability to execute arbitrary commands, which may lead to remote code execution during supported product migrations.

【CVE-2026-21385】Qualcomm Multiple Chipsets Memory Corruption Vulnerability (CVSS v3.1: 7.8)

【Whether Exploited by Ransomware: Unknown】 Multiple Qualcomm chipsets contain a memory corruption vulnerability when performing memory allocation alignment.

【CVE-2017-7921】Hikvision Multiple Products Improper Authentication Vulnerability (CVSS v3.1: 9.8)

【Whether Exploited by Ransomware: Unknown】 Multiple Hikvision products contain an improper authentication vulnerability. A malicious user may exploit this vulnerability to escalate system privileges and access sensitive information.

【CVE-2021-22681】Rockwell Multiple Products Insufficiently Protected Credentials Vulnerability (CVSS v3.1: 9.8)

【Whether Exploited by Ransomware: Unknown】 Multiple Rockwell products contain an insufficiently protected credentials vulnerability. A key used to authenticate communications between Logix controllers and Rockwell Automation design software in Studio 5000 Logix Designer may be discovered. If successfully exploited, unauthorized applications may connect to the Logix controller.

【CVE-2023-43000】Apple Multiple Products Use-After-Free Vulnerability (CVSS v3.1: 8.8)

【Whether Exploited by Ransomware: Unknown】 Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability. When the system processes specially crafted malicious web content, it may lead to memory corruption.

【CVE-2021-30952】Apple Multiple Products Integer Overflow or Wraparound Vulnerability (CVSS v3.1: 8.8)

【Whether Exploited by Ransomware: Unknown】 Apple tvOS, macOS, Safari, iPadOS, and watchOS contain an integer overflow or wraparound vulnerability. When the system processes specially crafted malicious web content, it may lead to arbitrary code execution.

【CVE-2023-41974】Apple iOS and iPadOS Use-After-Free Vulnerability (CVSS v3.1: 7.8)

【Whether Exploited by Ransomware: Unknown】 Apple iOS and iPadOS contain a use-after-free vulnerability. Applications may exploit this vulnerability to execute arbitrary code with kernel privileges.

(Information Sharing Level: WHITE (Information content can be publicly disclosed))

[Affected Platform]

【CVE-2026-22719】Please refer to the affected versions listed by the official advisory:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

【CVE-2026-21385】Please refer to the affected versions listed by the official advisory:
https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html

【CVE-2017-7921】Please refer to the affected versions listed by the official advisory:
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/

【CVE-2021-22681】Please refer to the affected versions listed by the official advisory:
https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03

【CVE-2023-43000】Please refer to the affected versions listed by the official advisories:
https://support.apple.com/en-us/120324
https://support.apple.com/en-us/120331
https://support.apple.com/en-us/120338

【CVE-2021-30952】Please refer to the affected versions listed by the official advisories:
https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982

【CVE-2023-41974】Please refer to the affected versions listed by the official advisory:
https://support.apple.com/en-us/HT213938

[Recommended Actions]

【CVE-2026-22719】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

【CVE-2026-21385】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html

【CVE-2017-7921】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/

【CVE-2021-22681】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03

【CVE-2023-43000】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/120324
https://support.apple.com/en-us/120331
https://support.apple.com/en-us/120338

【CVE-2021-30952】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982

【CVE-2023-41974】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/HT213938

[Reference]
 
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center