9454 matches found
CVE-2024-21019
The CVE-2024-21019 issue affects Oracle E-Business Suite, specifically the Complex Maintenance, Repair, and Overhaul (LOV) component, with affected versions 12.2.3–12.2.13. The vulnerability allows an unauthenticated attacker, with network access over HTTP, to compromise data confidentiality and ...
CVE-2024-21018
CVE-2024-21018 affects Oracle E-Business Suite, specifically the Oracle Complex Maintenance, Repair, and Overhaul (LOV) component. Affected versions are 12.2.3–12.2.13. The issue allows an unauthenticated attacker with network access via HTTP, with required human interaction, to compromise LOV an...
CVE-2024-21015
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...
CVE-2024-20993
CVE-2024-20993 affects Oracle MySQL Server, specifically the Optimizer component. Affected versions are MySQL 8.0.35 and earlier and 8.2.0 and earlier. The vulnerability is exploitable by an attacker with network access via multiple protocols and is described as capable of causing a hang or a fre...
Electrolink FM/DAB/TV Transmitter
1. EXECUTIVE SUMMARY. CVSS v3 8.8. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: Electrolink. Equipment: FM/DAB/TV Transmitter. Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and...
CVE-2024-3522
A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-30215
The Resource Settings page allows a high-privilege attacker to load an exploitable payload to be stored and reflected whenever a user visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is...
CVE-2024-30215
SAP Business Connector is affected by CVE-2024-30215, a cross-site scripting (XSS) vulnerability on the Resource Settings page. The issue allows a high-privilege attacker to load an exploitable payload that is stored and reflected when users visit the page, with potential information disclosure o...
CVE-2024-30215 Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
The Resource Settings page allows a high-privilege attacker to load an exploitable payload to be stored and reflected whenever a user visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is...
agest.cl Cross Site Scripting vulnerability OBB-3907820
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
BIT-APACHE-2023-38709 Apache HTTP Server: HTTP response splitting
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...
CVE-2024-3356
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/modsettings/controller.php?action=add. The manipulation of the argument type leads to SQL injection...
GHSA-W5W5-8VFH-XCJQ whoami stack buffer overflow on several Unix platforms
With versions of the whoami crate = 0.5.3 and = 0.5.3 and 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms: - Bitrig - DragonFlyBSD - FreeBSD - NetBSD - OpenBSD This occurs because of an incorrect definition of the passwd struct on those platforms...
AZL-39791 CVE-2024-31852 affecting package compiler-rt for versions less than 18.1.2-2
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
AZL-39842 CVE-2024-31852 affecting package rust for versions less than 1.72.0-8
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
CVE-2024-31852
CVE-2024-31852 affects LLVM/Clang with an ARM backend miscompile: LLVM before 18.1.3 can overwrite the LR register without saving it to the stack, enabling an exploitable flow-control issue in some cases. The vulnerability is demonstrated using Clang; vendor notes suggest the miscompile is likely to crash o...
CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...
CVE-2023-38709
CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...