10510 matches found
CVE-2021-41554
ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw,...
Cybozu Remote Service Permissions and Access Control Vulnerability
Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems. A bypass vulnerability exists in the Cybozu Remote Service management interface. A remote authenticated attacker can use this vulnerability to change the data in the management interface...
mysql: C API unspecified vulnerability (CPU Jan 2021)
Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...
mysql: InnoDB unspecified vulnerability (CPU Jan 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...
CVE-2021-33705
The SAP NetWeaver Portal, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which, when clicked by a user, can make any type of request e.g. POST, G...
The vulnerability of the Library component of the Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to modify data.
The vulnerability of the Library component of the Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, or delete...
CVE-2021-38175
SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there...
CVE-2021-28567
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for...
Solarwinds Orion Platform SQL Injection Vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...
Mitel Networks MiCollab has an unspecified vulnerability
Mitel Networks MiCollab is a mobile application from Mitel Networks Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A security vulnerability exists in versions of Mitel Networks MiCollab prior to 9.3, which stems from a component that could be...
CVE-2021-32069
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data...
CVE-2021-32068
The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify applicatio...
CVE-2021-32071
The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users...
Mitel Networks MiCollab Trust Management Vulnerability
Mitel Networks MiCollab is a mobile application from Mitel Networks Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A security vulnerability exists in versions of Mitel Networks MiCollab prior to 9.3, which stems from a component that could be...
Mitel Networks MiCollab Security Vulnerability
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A security vulnerability exists in Mitel Networks MiCollab that stems from the product's MiCollab Client service lacking system access validatio...
Mitel Networks MiCollab Security Vulnerability
Mitel MiCollab is an enterprise collaboration software and tools platform solution. A man-in-the-middle attack vulnerability exists in the AWV and MiCollab Client Service components in Mitel MiCollab versions prior to 9.3. The vulnerability stems from insufficient control over TLS sessions. An...
CVE-2021-37214
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrarily access employees' data, modify it, and then obtain administrator...