Diary & Availability Calendar Security Vulnerabilities

cvelist

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

6.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-14 03:56 AM
vulnrichment

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

6.5 CVSS

6.4 AI Score

0.0004 EPSS

2024-05-14 03:56 AM
cvelist

CVE-2024-4138 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application....

4.3 CVSS

5.4 AI Score

0.0004 EPSS

2024-05-14 03:53 AM
cvelist

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

4.3 CVSS

5.4 AI Score

0.0004 EPSS

2024-05-14 03:51 AM
vulnrichment

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

4.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-14 03:51 AM
cvelist

CVE-2024-33008 Memory Corruption vulnerability in SAP Replication Server

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the...

4.9 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-14 03:46 AM
vulnrichment

CVE-2024-33008 Memory Corruption vulnerability in SAP Replication Server

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the...

4.9 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-14 03:46 AM
cvelist

CVE-2024-32733 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify.....

6.1 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-14 03:38 AM
cvelist

CVE-2024-32731 Missing Authorization check in SAP My Travel Requests

SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...

5.5 CVSS

6 AI Score

0.0004 EPSS

2024-05-14 03:07 AM
wpvulndb

Email Subscribers by Icegram Express < 5.7.20 - Missing Authorization in handle_ajax_request

Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible.....

8.8 CVSS

7.3 AI Score

0.001 EPSS

2024-05-14 12:00 AM
4
openvas

6.3 AI Score

0.0004 EPSS

2024-05-14 12:00 AM
12
f5

K000139608: MySQL Server vulnerability CVE-2024-21087

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access....

5.7 AI Score

0.0004 EPSS

2024-05-14 12:00 AM
4
kaspersky

KLA67434 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service, obtain sensitive information. Below is a complete list of...

8.8 CVSS

9.7 AI Score

0.002 EPSS

2024-05-14 12:00 AM
2
kaspersky

KLA67588 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: Use after free...

9.3 AI Score

0.0004 EPSS

2024-05-14 12:00 AM
5
wpvulndb

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX....

6.6 AI Score

0.0004 EPSS

2024-05-14 12:00 AM
4
f5

K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062

Security Advisory Description CVE-2024-21013 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...

5.6 AI Score

0.0004 EPSS

2024-05-14 12:00 AM
4
f5

K000139606: MySQL Server vulnerability CVE-2024-21047

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to....

5.7 AI Score

0.0004 EPSS

2024-05-14 12:00 AM
5
kaspersky

KLA67587 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: Use after free vulnerability can be...

9.6 AI Score

0.0004 EPSS

2024-05-14 12:00 AM
1
kaspersky

KLA67433 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: A remote code...

8.8 CVSS

9.8 AI Score

0.008 EPSS

2024-05-14 12:00 AM
1
nessus

Rocky Linux 9 : edk2 (RLSA-2024:2264)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2264 advisory. EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local...

8.8 CVSS

8.2 AI Score

0.006 EPSS

2024-05-14 12:00 AM
3
wpexploit

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via...

6.8 AI Score

0.0004 EPSS

2024-05-14 12:00 AM
19
kaspersky

KLA67403 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability can be exploited remotely...

9 CVSS

8.8 AI Score

0.001 EPSS

2024-05-14 12:00 AM
5
mssecure

Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management

We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...

7 AI Score

2024-05-13 04:00 PM
5
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

5.9 CVSS

7.4 AI Score

0.001 EPSS

2024-05-13 02:27 PM
12
atlassian

RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...

8.8 CVSS

7.3 AI Score

0.001 EPSS

2024-05-13 10:10 AM
13
f5

K000139590: MySQL Server vulnerabilities CVE-2024-20994, CVE-2024-21015, CVE-2024-21050, and CVE-2024-21057

Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...

5.7 AI Score

0.0004 EPSS

2024-05-13 12:00 AM
9
cvelist

CVE-2024-4046

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

6.4 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-11 10:14 AM
cvelist

CVE-2024-32999

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

6.8 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-11 10:12 AM
2
vulnrichment

CVE-2024-32999

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

6.8 CVSS

7 AI Score

0.0004 EPSS

2024-05-11 10:12 AM
1
cvelist

CVE-2024-32998

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect...

5.9 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-11 10:08 AM
vulnrichment

CVE-2024-32998

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect...

5.9 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-11 10:08 AM
cvelist

CVE-2023-52720

Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect...

4.1 CVSS

4.8 AI Score

0.0004 EPSS

2024-05-11 10:06 AM
vulnrichment

CVE-2023-52720

Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect...

4.1 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-11 10:06 AM
1
cvelist

CVE-2024-32997

Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect...

8.4 CVSS

8.5 AI Score

0.0004 EPSS

2024-05-11 10:04 AM
vulnrichment

CVE-2024-32997

Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect...

8.4 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-11 10:04 AM
vulnrichment

CVE-2024-32996

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect...

6.2 CVSS

7.2 AI Score

0.0004 EPSS

2024-05-11 10:02 AM
cvelist

CVE-2024-32996

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect...

6.2 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-11 10:02 AM
vulnrichment

CVE-2024-32995

Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect...

6.2 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-11 10:00 AM
cvelist

CVE-2024-32995

Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect...

6.2 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-11 10:00 AM
1
cvelist

CVE-2024-32993

Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect...

5.6 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-11 09:56 AM
vulnrichment

CVE-2024-32993

Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect...

5.6 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-11 09:56 AM
cvelist

CVE-2023-52384

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

4.7 CVSS

5.1 AI Score

0.0004 EPSS

2024-05-11 09:53 AM
vulnrichment

CVE-2023-52384

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

4.7 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-11 09:53 AM
cvelist

CVE-2023-52383

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

4.7 CVSS

5.1 AI Score

0.0004 EPSS

2024-05-11 09:52 AM
vulnrichment

CVE-2023-52383

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

4.7 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-11 09:52 AM
vulnrichment

CVE-2024-32992

Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect...

7.5 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-11 09:49 AM
cvelist

CVE-2024-32992

Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect...

7.5 CVSS

7.7 AI Score

0.0004 EPSS

2024-05-11 09:49 AM
1
cvelist

CVE-2024-32991

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect...

7.5 CVSS

7.7 AI Score

0.0004 EPSS

2024-05-11 09:46 AM
1
vulnrichment

CVE-2024-32991

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect...

7.5 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-11 09:46 AM
cvelist

CVE-2024-32990

Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...

6.1 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-11 09:44 AM
Total number of security vulnerabilities: 57573