Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within...
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. Date published : 2021-06-09 https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-os-command-injection
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). Date published : 2021-06-09 https://security.gentoo.org/glsa/202107-29 https://lore.kernel.org/connman/
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because –!> is mishandled....
Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead...
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application. Date published : 2021-06-09 https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc
When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. Date published :...
SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions – KRNL64NUC – 7.49, KRNL64UC – 7.49,7.53, KERNEL – 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)...
SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions – SAP_UI – 750,752,753,754,755, SAP_BASIS – 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Date published...
SAP NetWeaver AS ABAP, versions – KRNL32NUC – 7.22,7.22EXT, KRNL32UC – 7.22,7.22EXT, KRNL64NUC – 7.22,7.22EXT,7.49, KRNL64UC – 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL – 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of...
Under certain conditions, the installation of SAP Business One, version – 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. Date published : 2021-06-09...
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user...
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated FLI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user...
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user...