Diary & Availability Calendar Security Vulnerabilities

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

CVE-2024-4138 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application....

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

CVE-2024-33008 Memory Corruption vulnerability in SAP Replication Server

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the...

CVE-2024-33008 Memory Corruption vulnerability in SAP Replication Server

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the...

CVE-2024-32733 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify.....

CVE-2024-32731 Missing Authorization check in SAP My Travel Requests

SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...

Email Subscribers by Icegram Express < 5.7.20 - Missing Authorization in handle_ajax_request

Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible.....

Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities

Moodle is prone to multiple...

K000139608: MySQL Server vulnerability CVE-2024-21087

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access....

KLA67434 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service, obtain sensitive information. Below is a complete list of...

KLA67588 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: Use after free...

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX....

K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062

Security Advisory Description CVE-2024-21013 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...

K000139606: MySQL Server vulnerabiliity CVE-2024-21047

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to....

KLA67587 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: Use after free vulnerability can be...

KLA67433 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: A remote code...

Rocky Linux 9 : edk2 (RLSA-2024:2264)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2264 advisory. EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local...

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via...

KLA67403 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability can be exploited remotely...

Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​

We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...

K000139590: MySQL Server vulnerabilities CVE-2024-20994, CVE-2024-21015, CVE-2024-21050, and CVE-2024-21057

Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...

CVE-2024-4046

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32999

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32999

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32998

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32998

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52720

Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52720

Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32997

Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32997

Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32996

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32996

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32995

Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32995

Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32993

Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32993

Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52384

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52384

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52383

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52383

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32992

Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32992

Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32991

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32991

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32990

Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...