|
200621
|
8.8 |
HIGH
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavaila…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2021-21450
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200622
|
8.8 |
HIGH
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavaila…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2021-21449
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200623
|
6.5 |
MEDIUM
Local
|
sap
|
graphical_user_interface
|
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can acce…
|
NVD-CWE-noinfo
|
CVE-2021-21448
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200624
|
5.4 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence
|
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, w…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21447
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200625
|
7.5 |
HIGH
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service,…
|
NVD-CWE-noinfo
|
CVE-2021-21446
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200626
|
5.4 |
MEDIUM
Network
|
sap
|
commerce_cloud
|
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, a…
|
CWE-444
HTTP Request Smuggling
|
CVE-2021-21445
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200627
|
8.8 |
HIGH
Network
|
mk-auth
|
mk-auth
|
MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI.
|
CWE-352
Origin Validation Error
|
CVE-2021-21495
|
2024-11-21 14:48 |
2021-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200628
|
4.8 |
MEDIUM
Network
|
mk-auth
|
mk-auth
|
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-21494
|
2024-11-21 14:48 |
2021-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200629
|
7.8 |
HIGH
Local
|
adobe
|
acrobat
acrobat_dc
acrobat_reader
acrobat_reader_dc
|
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated atta…
|
-
|
CVE-2021-21088
|
2024-11-21 14:47 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200630
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)
|
CWE-125
Out-of-bounds Read
|
CVE-2021-21200
|
2024-11-21 14:47 |
2023-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
