CVE STALKER

DAILY RANKING 2021-10-14

| RANK | (yesterday) | NAME | HEAT SCORE | DESCRIPTION |
|---|---|---|---|---|
| 👑➡️ | (1) | CVE-2021-30883 | 307 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. |
| 2⬆️ | (4) | CVE-2021-30858 | 169 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. |
| 3 | (-) | CVE-2021-42013 | 71 | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. |
| 4 | (-) | CVE-2021-40438 | 53 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. |
| 5⬇️ | (2) | CVE-2021-40449 | 37 | N/A |
| 6⬆️ | (13) | CVE-2021-22960 | 32 | N/A |
| 7⬇️ | (3) | CVE-2021-37980 | 31 | N/A |
| 8 | (-) | CVE-2021-41335 | 21 | N/A |
| 9⬇️ | (6) | CVE-2021-41773 | 17 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. |
| 10 | (-) | CVE-2014-8361 | 16 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. |
| 11 | (-) | CVE-2017-17215 | 16 | Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. |
| 12⬇️ | (10) | CVE-2021-26084 | 16 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if "Allow people to sign up to create their account" is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. |
| 13⬇️ | (9) | CVE-2021-41780 | 13 | N/A |
| 14 | (-) | CVE-2020-19961 | 12 | N/A |
| 15 | (-) | CVE-2020-22724 | 11 | N/A |
| 16 | (-) | CVE-2021-42342 | 10 | N/A |
| 17 | (-) | CVE-2021-41075 | 9 | N/A |
| 18 | (-) | CVE-2020-19964 | 9 | N/A |
| 19 | (-) | CVE-2021-40493 | 8 | N/A |
| 20⬇️ | (5) | CVE-2021-36970 | 8 | N/A |