Diary & Availability Calendar Security Vulnerabilities

CVE-2024-4046

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-33950

Administrator Cross Site Scripting (XSS) in Archives Calendar Widget <= 1.0.15...

CVE-2024-33950

Administrator Cross Site Scripting (XSS) in Archives Calendar Widget <= 1.0.15...

CVE-2024-32998

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32999

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32998

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32999

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32996

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32997

Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32996

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32997

Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32993

Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32995

Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32993

Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32995

Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32991

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32991

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32992

Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32992

Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32989

Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32990

Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32990

Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32989

Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52720

Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52720

Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52384

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52384

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52383

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52383

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

Exploit for CVE-2024-27804

CVE-2024-27804 bash ./build.sh ./panic.sh ```bash...

CVE-2024-33494

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...

CVE-2024-33494

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...

CVE-2024-30207

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...

CVE-2024-30207

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...

Advisory ROSA-SA-2024-2420

Software: jackson-databind 2.10.0 OS: ROSA Virtualization 2.1 package_evr_string: jackson-databind-2.10.0 CVE-ID: CVE-2020-35490 BDU-ID: 2022-03804 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component of the Jackson-databind library.....

CVE-2024-28134 PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...

CVE-2024-28134 PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...

CVE-2024-33004 Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...

CVE-2024-33004 Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

CVE-2024-4138 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application....

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

CVE-2024-33008 Memory Corruption vulnerability in SAP Replication Server

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the...

CVE-2024-33008 Memory Corruption vulnerability in SAP Replication Server

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the...

CVE-2024-32733 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify.....

CVE-2024-32731 Missing Authorization check in SAP My Travel Requests

SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...

Email Subscribers by Icegram Express < 5.7.20 - Missing Authorization in handle_ajax_request

Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible.....

Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities

Moodle is prone to multiple...