CVE STALKER

DAILY RANKING 2021-06-11

| RANK | (yesterday) | NAME | HEAT SCORE | DESCRIPTION |
|---|---|---|---|---|
| 👑➡️ | (1) | CVE-2021-3560 | 484 | N/A |
| 2⬆️ | (3) | CVE-2020-36289 | 35 | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. |
| 3 | (-) | CVE-2021-0089 | 30 | Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| 4 | (-) | CVE-2021-0086 | 30 | Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| 5⬇️ | (2) | CVE-2021-33739 | 14 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| 6⬇️ | (4) | CVE-2021-30551 | 12 | Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 7⬇️ | (6) | CVE-2021-26868 | 12 | Windows Graphics Component Elevation of Privilege Vulnerability |
| 8 | (-) | CVE-2021-24035 | 10 | A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files. |
| 9 | (-) | CVE-2021-28814 | 10 | An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4. |
| 10 | (-) | CVE-2019-9475 | 10 | In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-9496886 |
| 11 | (-) | CVE-2021-28805 | 9 | Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408. |
| 12 | (-) | CVE-2021-26829 | 9 | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. |
| 13 | (-) | CVE-2020-13663 | 9 | Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. |
| 14 | (-) | CVE-2021-23393 | 8 | This affects the package Flask-Unchained before 0.9.0. When using the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'. |
| 15 | (-) | CVE-2021-25684 | 8 | It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. |
| 16 | (-) | CVE-2021-25683 | 8 | It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. |
| 17 | (-) | CVE-2021-25682 | 8 | It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. |
| 18 | (-) | CVE-2021-28801 | 8 | An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C. |
| 19 | (-) | CVE-2021-34540 | 8 | Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. |
| 20 | (-) | CVE-2021-26828 | 8 | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. |