Search Results (Refine Search)

Search Parameters:
There are 155,749 matching records.
Displaying matches 761 through 780.
Vuln ID Summary CVSS Severity
CVE-2021-27621

Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.

Published: June 09, 2021; 10:15:08 AM -0400
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-27620

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Published: June 09, 2021; 10:15:08 AM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-27615

SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks.

Published: June 09, 2021; 10:15:08 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-27607

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Published: June 09, 2021; 10:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-27606

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Published: June 09, 2021; 10:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-27597

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Published: June 09, 2021; 10:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-21490

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.

Published: June 09, 2021; 10:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.

Published: June 09, 2021; 10:15:07 AM -0400
V3.1: 6.3 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2021-33668

Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application.

Published: June 09, 2021; 9:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-3533

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Published: June 09, 2021; 8:15:08 AM -0400
V3.1: 2.5 LOW
V2.0: 1.2 LOW
CVE-2021-3532

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Published: June 09, 2021; 8:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-34370

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS.

Published: June 09, 2021; 8:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-34369

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value.

Published: June 09, 2021; 8:15:08 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-33842

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.

Published: June 09, 2021; 8:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0: 7.7 HIGH
CVE-2021-33841

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.

Published: June 09, 2021; 8:15:07 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.

Published: June 09, 2021; 8:15:07 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-26314

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Published: June 09, 2021; 8:15:07 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-26313

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Published: June 09, 2021; 8:15:07 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-34364

The Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns.

Published: June 09, 2021; 7:15:07 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-1937

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: June 09, 2021; 3:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM