CVE STALKER

DAILY RANKING 2022-01-12

RANK
(yesterday)
NAME HEAT SCORE DESCRIPTION
👑⬆️
(3)
CVE-2022-21907273HTTP Protocol Stack Remote Code Execution Vulnerability.
2⬆️
(5)
CVE-2021-20038203A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
3⬇️
(1)
CVE-2021-44228116Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to true or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false".
4
(-)
CVE-2021-4470147Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5⬆️
(19)
CVE-2022-2184938Windows IKE Extension Remote Code Execution Vulnerability.
6
(-)
CVE-2022-2196934Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21855.
7
(-)
CVE-2020-971532Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .
8⬆️
(9)
CVE-2021-4239223The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
9⬇️
(7)
CVE-2021-4157719N/A
10
(-)
CVE-2021-385218growi is vulnerable to Authorization Bypass Through User-Controlled Key
11
(-)
CVE-2022-008715keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
12⬇️
(2)
CVE-2021-3097015A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.
13
(-)
CVE-2022-015914orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
14
(-)
CVE-2022-017914snipe-it is vulnerable to Improper Access Control
15
(-)
CVE-2022-2184013Microsoft Office Remote Code Execution Vulnerability.
16
(-)
CVE-2021-408013crater is vulnerable to Unrestricted Upload of File with Dangerous Type
17⬇️
(15)
CVE-2021-4510512Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.
18
(-)
CVE-2022-2185112Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21850.
19
(-)
CVE-2021-4506712Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
20
(-)
CVE-2022-2311712Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.