CWE-863

CVE-2021-40654

February 23, 2023 by

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

CVE-2021-40655

February 23, 2023 by

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

CVE-2021-40692

February 23, 2023 by

Insufficient capability checks made it possible for teachers to download users outside of their courses.

thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required.

CVE-2021-40504

February 23, 2023 by

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform – versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.

CVE-2021-40325

February 23, 2023 by

Cobbler before 3.3.0 allows authorization bypass for modification of settings.