CVE-2021-27609
SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization...
CVE-2021-27609
CVE-2021-27609 concerns SAP Focused RUN versions 200 and 300, where an authenticated user can skip proper authorization checks on the oData service and manipulate the activation of the SAP EarlyWatch Alert data collection and transmission. Multiple connected sources (including RH, CNVD, CVE listi...
GHSA-XMXH-G7WJ-8M4M OS Command Injection in curling
npm package curling before version 1.1.0 is vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization...
Description of the security update for Outlook 2016: April 13, 2021 (KB4504712)
Description of the security update for Outlook 2016: April 13, 2021 KB4504712 Summary This security update resolves a Microsoft Outlook memory corruption vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-28452. Note: To apply this...
SAP Focused Run security vulnerability
Designed for organizations that require extensive system and application monitoring, alerting and analysis, SAP Focused Run supports hosting all customers in a scalable, secure and automated environment. An improper authorization vulnerability exists in SAP Focused RUN versions 200 and 300. The...
Dream Report platform privilege escalation vulnerability
Summary Multiple privilege escalation vulnerabilities exist in Dream Report 5 R20-2. A specially crafted executable can cause elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Dream Report 5 R20-2 Product URLs https://dreamreport.net/...
cobalt-bin (>=0.7.4 <=0.17.5), hyper-static-server (>=0.1.1 <=0.5.1) +10 more potentially affected by unknown CVE via sass-rs (=0.2.2)
sass-rs CARGO version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on sass-rs and may be impacted: - cobalt-bin =0.7.4, =0.1.1, =0.1.6, =0.1.0, =0.1.0, =0.1.2, =0.1.1-alpha1, =0.7.0, =0.1.0, =0.1.2, =0.1.8 Source cves: unknown CVE Source advisor...
Impossible to call withdrawReward fails due to run out of gas
Handle s1m0 Vulnerability details Impact The withdrawReward fails due to the loop at . From my testing the dayDiff would be 18724 and with a gasLimit of 9500000 it stops at iteration 270 due to the fact that lastUpdatedDay is not initialized so is 0. Other than that it could run out of gas also f...
ClamAV code issue vulnerability
ClamAV Clam AntiVirus is a free and open source antivirus program from the Clamav team. The software is used to detect Trojans, viruses, malware and other malicious threats. ClamAV Windows suffers from a code issue vulnerability that can be exploited by an attacker who can create a malicious DLL ...
The vulnerability of the Chrony daemon in the implementation of the Network Time Protocol (NTP) allows an attacker to cause a service failure.
The vulnerability of the Chrony daemon in the implementation of the Network Time Protocol NTP is related to an incorrect definition of the link before accessing the file in the /var/run/chrony directory. Exploiting this vulnerability could allow an attacker to cause a service failure by using a...
CVE-2021-1375
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...
CVE-2021-1390 Cisco IOS XE Software Local Privilege Escalation Vulnerability
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This...
MangaDex Site Offline Following Hacking Incident
MangaDex, the online repository of manga animation comics, will be closed until further notice following a hacking incident. Last week, the site reported that a cyberattacker had gained access to an administrative account, “through the reuse of a session token found in an old database leak throug...
Hackers Infecting Apple App Developers With Trojanized Xcode Projects
Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed...
The vulnerability of the Click-to-Run component of the Microsoft 365 Apps for Enterprise suite, related to improper code generation management, allows a malicious actor to execute arbitrary code.
The vulnerability of the Click-to-Run component of the Microsoft 365 Apps for Enterprise suite is related to improper code generation management. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
DLLHSC - DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking
DLL Hijack SCanner - A tool to generate leads and automate the discovery of candidates for DLL Search Order Hijacking Contents of this repository This repository hosts the Visual Studio project file for the tool DLLHSC, the project file for the API hooking functionality detour, the project file f...