PT-2021-6433 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.27 and prior Description: The issue is related to insufficient input validation in the MySQL Server component, specifically in the Server: Components Services. This can be exploited by a remote attacker to cause a...
PT-2021-6986 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.28 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of the MySQL Server system management database. This can be exploited by a remote attacker to gain...
PT-2021-6663 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.27 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a low-privileged attacker with network access via multiple protocols to...
Siemens Climatix POL909 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Siemens --------- Begin Update A Part 1 of 3 --------- Equipment: Climatix POL909 AWM and AWB modules --------- End Update A Part 1 of 3 --------- Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION...
Authorization
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker...
Improper privilege management in Keycloak
A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission...
NetApp Clustered Data ONTAP Vulnerabilities - Lenovo Support US
No description provided...
CVE-2021-40366
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.42, Climatix POL909 AWM module All versions V11.34. The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to...
Siemens Climatix POL909 security vulnerability
Siemens Climatix POL909 is an intelligent network module from Siemens, Germany. A security vulnerability exists in versions of the Siemens Climatix POL909 AWM module prior to V11.34, which stems from the fact that the web server of the affected device does not use TLS encryption when transmitting data. An...
Hitachi Energy Relion 670/650/SAM600-IO
SUMMARY Hitachi Energy is aware of a vulnerability report from U.S. Department of Energy CyTRICS researcher of a vulnerability in the Relion® 670/650/SAM600-IO series versions listed below. Remediation is available for some versions. Recommended actions for each affected version are listed in...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
...
CVE-2021-38453
Some API functions allow interaction with the registry, which includes reading values as well as data modification...
Input validation
Some API functions allow interaction with the registry, which includes reading values as well as data modification...
CVE-2021-38453 AUVESY Versiondog
Some API functions allow interaction with the registry, which includes reading values as well as data modification...
CVE-2021-38453
CVE-2021-38453 affects AUVESY Versiondog. The vulnerability arises from API functions that interact with the registry, allowing reading values and modifying data via external control of system/configuration settings. Connected sources assign CVSSv3 base score 9.1 (CRITICAL) with network attack ve...
AUVESY Versiondog has an unspecified vulnerability (CNVD-2021-82926)
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog, which can be exploited by attackers to read values and modify data...
CVE-2021-35665
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion component: Repository. The supported version that is affected is 11.2.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting...
CVE-2021-35651
Vulnerability in the Essbase Administration Services product of Oracle Essbase component: EAS Console. The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...