SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...
7.8CVSS
7.7AI Score
0.0005EPSS
Debian dla-3815 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3815 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects...
7.7AI Score
0.0004EPSS
[SECURITY] [DSA 5691-1] firefox-esr security update
Debian Security Advisory DSA-5691-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-4367 CVE-2024-4767...
7.4AI Score
0.0004EPSS
AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
IBM SECURITY ADVISORY First Issued: Wed May 15 17:28:09 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/invscout_advisory6.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout...
8.4CVSS
7.2AI Score
0.0004EPSS
Google Launches AI-Powered Theft and Data Protection Features for Android Devices
Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft. These features aim to help protect data before, during and after a theft attempt, the tech giant said, adding...
7AI Score
Apple and Google join forces to stop unwanted tracking
Apple and Google have announced an industry specification for Bluetooth tracking devices which help alert users to unwanted tracking. The specification, called Detecting Unwanted Location Trackers, will make it possible to alert users across both iOS and Android if a device is unknowingly being...
6.7AI Score
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity.....
9.6CVSS
9.6AI Score
0.008EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...
7.8CVSS
7.5AI Score
EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...
7.8CVSS
6.9AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
7.8CVSS
7.2AI Score
EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array...
7.8CVSS
7.2AI Score
EPSS
Debian dsa-5691 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5691 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5691-1 [email protected] ...
7.5AI Score
0.0004EPSS
7.4CVSS
7.1AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.8CVSS
7.2AI Score
EPSS
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...
4.3CVSS
7.3AI Score
0.0004EPSS
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...
4.3CVSS
5AI Score
0.0004EPSS
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application....
4.3CVSS
7.3AI Score
0.0004EPSS
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application....
4.3CVSS
5AI Score
0.0004EPSS
SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...
6.5CVSS
6.4AI Score
0.0004EPSS
SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...
6.5CVSS
6.3AI Score
0.0004EPSS
SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the...
4.9CVSS
7.3AI Score
0.0004EPSS
SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the...
4.9CVSS
5.5AI Score
0.0004EPSS
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the.....
4.2CVSS
7.6AI Score
0.0004EPSS
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the.....
4.2CVSS
5AI Score
0.0004EPSS
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential...
3.5CVSS
4.2AI Score
0.0004EPSS
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise...
9.6CVSS
6.9AI Score
0.0004EPSS
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise...
9.6CVSS
9.4AI Score
0.0004EPSS
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential...
3.5CVSS
7AI Score
0.0004EPSS
SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the...
3.5CVSS
4.2AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
4.3CVSS
4.7AI Score
0.0004EPSS
Document Service handler (obsolete) in Data Provisioning Service does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability with low impact on Confidentiality and Integrity of the...
6.1CVSS
6AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
4.3CVSS
6.6AI Score
0.0004EPSS
SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the...
3.5CVSS
7.1AI Score
0.0004EPSS
Document Service handler (obsolete) in Data Provisioning Service does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability with low impact on Confidentiality and Integrity of the...
6.1CVSS
6.1AI Score
0.0004EPSS
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify.....
6.1CVSS
6.7AI Score
0.0004EPSS
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify.....
6.1CVSS
6.3AI Score
0.0004EPSS
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...
5.5CVSS
7AI Score
0.0004EPSS
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...
5.5CVSS
5.7AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the...
8.1CVSS
7.8AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the...
8.1CVSS
5.8AI Score
0.0004EPSS
SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the...
6.5CVSS
6.7AI Score
0.0004EPSS
SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the...
6.5CVSS
7.1AI Score
0.0004EPSS
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4. A malicious application may be able to access Find My...
6.3AI Score
0.0004EPSS
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4. A malicious application may be able to access Find My...
6.5AI Score
0.0004EPSS
CVE-2024-33006 File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise...
9.6CVSS
7AI Score
0.0004EPSS
CVE-2024-33006 File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise...
9.6CVSS
9.5AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
4.3CVSS
6.7AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
4.3CVSS
5AI Score
0.0004EPSS
CVE-2024-33009 SQL injection vulnerability in SAP Global Label Management (GLM)
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the.....
4.2CVSS
7.7AI Score
0.0004EPSS
CVE-2024-33009 SQL injection vulnerability in SAP Global Label Management (GLM)
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the.....
4.2CVSS
5.5AI Score
0.0004EPSS