ABAP Platform & Server (KRNL64NUC) Security Vulnerabilities

CVE-2024-28794

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-28794

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-50964

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-50964

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-28797

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-28797

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-31898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...

CVE-2024-31898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...

CVE-2023-50953

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-50952

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...

CVE-2023-50953

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-50952

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...

CVE-2023-50964 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-28794 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-50953 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-50952 IBM InfoSphere Information Server server-side request forgery

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...

CVE-2024-28797 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-31898 IBM InfoSphere Information Server data modification

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...

CVE-2024-35119

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35119

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-28798

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-50954

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-28798

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-31902

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

CVE-2023-50954

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-31902

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

Exploit for CVE-2024-34102

CVE-2024-34102 Usage ```bash python3 CVE-2024-34102.py...

CVE-2023-50954 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-31902 IBM InfoSphere Information Server cross-site request forgery

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

CVE-2024-35119 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-35022

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...

CVE-2024-28795

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-35022

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...

CVE-2024-28795

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-28798 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-35022 IBM InfoSphere Information Server improper authentication

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...

CVE-2024-28795 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

tryton-server - security update

Bulletin has no...

CVE-2024-39840

Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...

CVE-2024-39840

Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...

Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...

platform-l.org Cross Site Scripting vulnerability OBB-3939546

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

[SECURITY] Fedora 39 Update: kitty-0.31.0-3.fc39

Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-col or, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...

CVE-2024-39840

Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...

SUSE SLES15 Security Update : frr (SUSE-SU-2024:2245-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2245-1 advisory. - CVE-2023-38406: Fixed nlri length of zero mishandling, aka 'flowspec overflow'. (bsc#1216900) - CVE-2023-47235: Fixed a crash on.....

Exploit for CVE-2024-34102

🚨 CVE-2024-34102 Exploit Script 🚨 Description This...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2024-31902)

Summary A cross-site request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-31902 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and.....

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Oracle MySQL Connectors (CVE-2023-22102)

Summary A vulnerability in Oracle MySQL Connectors used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-22102 DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow a remote attacker to cause.....

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc

Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-50964)

Summary A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50964 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...