Search Results (80923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33731 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||||
| CVE-2021-33730 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||||
| CVE-2021-33729 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database. | ||||
| CVE-2021-33728 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | ||||
| CVE-2021-33726 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows downloading arbitrary files under a user-controlled path and does not correctly check if the relative path is still within the intended target directory. | ||||
| CVE-2021-33721 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges. | ||||
| CVE-2021-33720 | 1 Siemens | 3 Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300 | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition. | ||||
| CVE-2021-33712 | 1 Mendix | 1 Saml | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges. | ||||
| CVE-2021-33708 | 1 Kyma-project | 1 Kyma | 2024-11-21 | 8.8 High |
| Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. | ||||
| CVE-2021-33705 | 1 Sap | 1 Netweaver Portal | 2024-11-21 | 8.1 High |
| The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability. | ||||
| CVE-2021-33704 | 1 Sap | 1 Business One | 2024-11-21 | 8.8 High |
| The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result in abuse of functionality usually restricted to specific users. | ||||
| CVE-2021-33700 | 1 Sap | 1 Business One | 2024-11-21 | 7.8 High |
| SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser, under certain circumstances, to log in as the victim without knowing his/her password. The attacker could thereby obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application. | ||||
| CVE-2021-33698 | 1 Sap | 1 Business One | 2024-11-21 | 8.8 High |
| SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | ||||
| CVE-2021-33692 | 1 Sap | 1 Cloud Connector | 2024-11-21 | 7.5 High |
| SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories. | ||||
| CVE-2021-33677 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 7.5 High |
| SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. | ||||
| CVE-2021-33676 | 1 Sap | 1 Customer Relationship Management | 2024-11-21 | 7.2 High |
| A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. | ||||
| CVE-2021-33671 | 1 Sap | 1 Netweaver Guided Procedures | 2024-11-21 | 8.8 High |
| SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result in abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data. | ||||
| CVE-2021-33670 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.5 High |
| SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | ||||
| CVE-2021-33669 | 1 Sap | 1 Mobile Sdk Certificate Provider | 2024-11-21 | 7.8 High |
| Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation, user interaction from another user is required, and it could lead to complete impact on confidentiality, integrity and availability. | ||||
| CVE-2021-33668 | 1 Sap | 1 Infrabox | 2024-11-21 | 7.5 High |
| Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application. | ||||