Monthly Archive: April 2021

Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability Date published : 2021-04-13 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28316

Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27095. Date published : 2021-04-13 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28315

Windows Hyper-V Elevation of Privilege Vulnerability Date published : 2021-04-13 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28314

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322. Date published : 2021-04-13 http://seclists.org/fulldisclosure/2021/Apr/40 http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html

Windows NTFS Denial of Service Vulnerability Date published : 2021-04-13 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28312

Windows Application Compatibility Cache Denial of Service Vulnerability Date published : 2021-04-13 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28311

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072. Date published : 2021-04-13 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28310

Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093. Date published : 2021-04-13 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28309

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index...

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert...

SAP’s HCM Travel Management Fiori Apps V2, version – 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However,...

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions – 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function...

SAP Commerce, versions – 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An...

SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in...