Security Vulnerabilities - CVEs Published In June 2021
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low-privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2021-06-11
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2021-06-11
ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.
CVSS Score: 9.8
EPSS Score: 0.007
Published: 2021-06-11
An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C.
CVSS Score: 3.1
EPSS Score: 0.003
Published: 2021-06-11
Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2021-06-11
An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2021-06-11
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
CVSS Score: 9.1
EPSS Score: 0.005
Published: 2021-06-11
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2021-06-11
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
CVSS Score: 8.8
EPSS Score: 0.0
Published: 2021-06-11
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
CVSS Score: 8.8
EPSS Score: 0.0
Published: 2021-06-11

