Search Results (363099 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38179 1 Sap 1 Business One 2024-11-21 4.9 Medium
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.
CVE-2021-38178 1 Sap 2 Netweaver Abap, Netweaver Application Server Abap 2024-11-21 8.8 High
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.
CVE-2021-38177 1 Sap 1 Commoncryptolib 2024-11-21 7.5 High
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.
CVE-2021-38176 1 Sap 4 Landscape Transformation, Landscape Transformation Replication Server, S\/4hana and 1 more 2024-11-21 8.8 High
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.
CVE-2021-38175 1 Sap 1 Analysis For Microsoft Office 2024-11-21 6.5 Medium
SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality.
CVE-2021-38174 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-38173 3 Debian, Digint, Fedoraproject 3 Debian Linux, Btrbk, Fedora 2024-11-21 9.8 Critical
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.
CVE-2021-38172 1 Debian 1 Perm 2024-11-21 9.8 Critical
perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)
CVE-2021-38171 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 9.8 Critical
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
CVE-2021-38169 1 Roxy-wi 1 Roxy-wi 2024-11-21 8.8 High
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.
CVE-2021-38168 1 Roxy-wi 1 Roxy-wi 2024-11-21 8.8 High
Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers.
CVE-2021-38167 1 Roxy-wi 1 Roxy-wi 2024-11-21 9.8 Critical
Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication.
CVE-2021-38166 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 7.8 High
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
CVE-2021-38165 4 Debian, Fedoraproject, Lynx Project and 1 more 4 Debian Linux, Fedora, Lynx and 1 more 2024-11-21 5.3 Medium
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
CVE-2021-38164 1 Sap 1 Erp Financial Accounting 2024-11-21 5.4 Medium
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
CVE-2021-38161 2 Apache, Debian 2 Traffic Server, Debian Linux 2024-11-21 8.1 High
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.
CVE-2021-38159 1 Progress 1 Moveit Transfer 2024-11-21 9.8 Critical
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4).
CVE-2021-38157 1 Leostream 1 Connection Broker 2024-11-21 6.1 Medium
LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-38156 1 Nagios 1 Nagios Xi 2024-11-21 5.4 Medium
In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.
CVE-2021-38155 1 Openstack 1 Keystone 2024-11-21 7.5 High
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.