|
199561
|
8.8 |
HIGH
Network
|
sap
|
enterprise_financial_services
|
SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting …
|
CWE-862
Missing Authorization
|
CVE-2021-21486
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199562
|
9.8 |
CRITICAL
Network
|
sap
|
hana
|
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.
|
CWE-863
Incorrect Authorization
|
CVE-2021-21484
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199563
|
8.8 |
HIGH
Adjacent
|
sap
|
netweaver
|
The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access co…
|
CWE-863
Incorrect Authorization
|
CVE-2021-21481
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199564
|
8.8 |
HIGH
Network
|
sap
|
manufacturing_integration_and_intelligence
|
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in…
|
CWE-94
Code Injection
|
CVE-2021-21480
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199565
|
6.5 |
MEDIUM
Adjacent
|
vagrant_project
|
vagrant
|
The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in …
|
-
|
CVE-2021-21361
|
2024-11-21 14:48 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199566
|
6.1 |
MEDIUM
Network
|
dell
|
idrac8_firmware
|
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ hea…
|
CWE-74
Injection
|
CVE-2021-21510
|
2024-11-21 14:48 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199567
|
8.8 |
HIGH
Network
|
dell
|
emc_powerscale_onefs
|
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potent…
|
CWE-20
Improper Input Validation
|
CVE-2021-21506
|
2024-11-21 14:48 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199568
|
5.3 |
MEDIUM
Network
|
zope
|
products.genericsetup
|
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information di…
|
-
|
CVE-2021-21360
|
2024-11-21 14:48 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199569
|
7.8 |
HIGH
Local
|
dell
|
emc_powerscale_onefs
|
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges esc…
|
CWE-78
OS Command
|
CVE-2021-21503
|
2024-11-21 14:48 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199570
|
6.1 |
MEDIUM
Network
|
zope
|
products.pluggableauthservice
|
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciou…
|
-
|
CVE-2021-21337
|
2024-11-21 14:48 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
