CVE-2021-35469

The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

Source: CVE-2021-35469

CVE-2021-33681

SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application.

Source: CVE-2021-33681

CVE-2021-33680

SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the application.

Source: CVE-2021-33680

CVE-2021-33678

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.

Source: CVE-2021-33678

CVE-2021-33676

A missing authority check in SAP CRM, versions – 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.

Source: CVE-2021-33676

CVE-2021-33671

SAP NetWeaver Guided Procedures (Administration Workset), versions – 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data.

Source: CVE-2021-33671

CVE-2021-33677

SAP NetWeaver ABAP Server and ABAP Platform, versions – 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.

Source: CVE-2021-33677

CVE-2021-33667

Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions – 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted.

Source: CVE-2021-33667

CVE-2021-33670

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Source: CVE-2021-33670

CVE-2021-22318

A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial of service.

Source: CVE-2021-22318