11190 matches found
CVE-2021-4117
yetiforcecrm is vulnerable to Business Logic Errors...
Code injection
yetiforcecrm is vulnerable to Business Logic Errors...
CVE-2021-4117
CVE-2021-4117 affects Yetiforcecrm / YetiForceCRM. Multiple connected sources describe a business logic error related to weight handling in the product data, with explicit notes that the weight value can be negative and that the issue stems from processing/validation logic. CVE entries and adviso...
CVE-2021-4117 Business Logic Errors in yetiforcecompany/yetiforcecrm
yetiforcecrm is vulnerable to Business Logic Errors...
CVE-2021-4111
yetiforcecrm is vulnerable to Business Logic Errors...
Code injection
yetiforcecrm is vulnerable to Business Logic Errors...
CVE-2021-4111 Business Logic Errors in yetiforcecompany/yetiforcecrm
yetiforcecrm is vulnerable to Business Logic Errors...
PT-2021-23144 · Unknown · Yetiforcecrm
Name of the Vulnerable Software and Affected Versions: YetiForceCRM (affected versions not specified). Description: The issue concerns Business Logic Errors in YetiForceCRM, specifically related to the Weight of a Product. The problem arises because the weight value can be set to a negative number...
SUSE SLES12 Security Update : kernel (Live Patch 25 for SLE 12 SP5) (SUSE-SU-2021:4021-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4021-1 advisory. - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege...
SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2021:4090-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4090-1 advisory. - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of...
SUSE SLES12 Security Update : kernel (Live Patch 40 for SLE 12 SP3) (SUSE-SU-2021:4057-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:4057-1 advisory. - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to all...
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 22 for SLE 12 SP4) (SUSE-SU-2021:4038-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4038-1 advisory. - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation...
undertow: special character in query results in server errors
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2021-4044 Invalid handling of `X509_verify_cert()` internal errors in libssl
Internally libssl in OpenSSL calls `X509_verify_cert()` on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO...
Business Logic Errors in yetiforcecompany/yetiforcecrm
Description: YetiForceCRM application is vulnerable to Business Logic Errors in the Weight of a Product since that value can be a negative number. Proof of Concept: 1. After login, in the left menu bar, click Databases - Products. 2. Click any product to go to the product details. 3. In the product...
Invalid handling of `X509_verify_cert()` internal errors in libssl
Internally libssl in OpenSSL calls `X509_verify_cert()` on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO...