Diary & Availability Calendar Security Vulnerabilities

KLA68918 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Media Session can be exploited to cause denial of service or execute...

CVE-2024-27309

A flaw was found in Apache Kafka during the migration from ZooKeeper (ZK) to KRaft mode that affects Access Control List (ACL) enforcement. Specifically, when an ACL is removed from a resource and the resource retains two or more other ACLs, Kafka may incorrectly treat the resource as having only.....

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise...

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)...

Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487)

Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...

Description of the security update for SharePoint Server Subscription Edition: June 11, 2024 (KB5002603)

Description of the security update for SharePoint Server Subscription Edition: June 11, 2024 (KB5002603) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...

Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933)

Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...

CVE-2024-37176

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...

CVE-2024-37176

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...

CVE-2024-34688

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

CVE-2024-34691

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

CVE-2024-34686

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVE-2024-34691

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

CVE-2024-34688

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

CVE-2024-34686

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

CVE-2024-34691 Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

CVE-2024-37176 Missing Authorization check in SAP BW/4HANA Transformation and DTP

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...

CVE-2024-37176 Missing Authorization check in SAP BW/4HANA Transformation and DTP

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...

CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVE-2024-33001 Denial of service (DOS) in SAP NetWeaver and ABAP platform

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

Mitel MiVoice <= 8.1 SP1 Information Disclosure and DoS (22-0001)

According to its version number, the Mitel MiVoice software is R8.1 or prior. It is, therefore, affected by the following vulnerability: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive...

KLA68920 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: Security vulnerability when...

KLA68916 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Azure Science Virtual Machine (DSVM) can be exploited...

Mitel MiCollab <= 9.4 SP1 Information Disclosure and DoS (22-0001)

According to its version number, the Mitel MiCollab software is 9.4 SP1 (9.4.107) or prior. It is, therefore, affected by the following vulnerability: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to...

KLA68913 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: Use after free vulnerability in PDFium can be exploited to cause...

KLA68921 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information, perform cross-site scripting attack. Below is a complete list of...

Events Manager – Calendar, Bookings, Tickets, and more! < 6.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes

Description The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and...

KLA68914 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: A denial of service vulnerability in DNS...

KLA68915 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in...

Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update

Summary Identity Insight customers are advised to update OpenJDK 8 to version 8.0.412 for the security update in Java. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM...

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-5072 DESCRIPTION:...

Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update

Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.11.0 for the security update in Java. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM...

CVE-2024-22279

Improper handling of requests in Routing Release &gt; v0.273.0 and &lt;= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...

CVE-2024-22279

Improper handling of requests in Routing Release &gt; v0.273.0 and &lt;= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...

CVE-2024-22279 GoRouter Denial of Service Attack

Improper handling of requests in Routing Release &gt; v0.273.0 and &lt;= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...

CVE-2024-22279 GoRouter Denial of Service Attack

Improper handling of requests in Routing Release &gt; v0.273.0 and &lt;= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...

Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR

...

CVE-2024-31275

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

CVE-2024-31275

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...

ROS-20240607-03

A vulnerability in the lrzip.c:initialize_control component of the Irzip software tool is caused by a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely, affect confidentiality, integrity and availability.....

Server-Side Request Forgery in langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....