21 matches found
CVE-2025-42899
SAP S4CORE Manage journal entries does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application...
EUVD-2025-60982
SAP S4CORE Manage journal entries does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application...
CVE-2025-42899
SAP S4CORE Manage journal entries does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application...
CVE-2025-42899 Missing Authorization check in SAP S4CORE (Manage Journal Entries)
SAP S4CORE Manage journal entries does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application...
CVE-2025-42899
CVE-2025-42899 affects SAP S4CORE (Manage journal entries). The authenticated user can exploit missing authorization checks to escalate privileges within the application. The described impact is limited to confidentiality (low) with no noted impact on integrity or availability. According to the p...
PT-2025-46237
Name of the Vulnerable Software and Affected Versions: SAP S4CORE affected versions not specified Description: The software does not perform required authorization checks for authenticated users when managing journal entries, potentially allowing for privilege escalation. The issue has a low impact...
EUVD-2012-5513
Malware in sbrugna...
CVE-2024-54997
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit...
PT-2025-3087 · Monicahq · Monicahq
Name of the Vulnerable Software and Affected Versions: MonicaHQ version 4.1.1 Description: The issue is related to an authenticated Client-Side Injection vulnerability. This vulnerability can be triggered by an authenticated user through the entry text field at the "/journal/entries/ID/edit" API...
DEBIAN-CVE-2024-35948
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overrunning end of sb clean section. Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low...
UBUNTU-CVE-2024-35948
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overrunning end of sb clean section. Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low...
CVE-2024-35948
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overrunning end of sb clean section. Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low...
BIT-ODOO-2021-44461
Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim...
CVE-2021-44461
Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim...
PT-2023-12546 · Odoo · Odoo Enterprise
Name of the Vulnerable Software and Affected Versions: Odoo Enterprise versions 13.0 through 15.0 Description: The issue is a cross-site scripting (XSS) problem in the Accounting app, allowing remote attackers who can control the contents of accounting journal entries to inject arbitrary web script...
Update 15.17 for Microsoft Dynamics 365 Business Central 2019 Release Wave 2 (Application Build 15.17.49440, Platform Build 15.0.49431)
Update 15.17 for Microsoft Dynamics 365 Business Central 2019 Release Wave 2 Application Build 15.17.49440, Platform Build 15.0.49431 This article applies to Microsoft Dynamics 365 Business Central 2019 Release Wave 2 for all countries and all language locales. Overview This update replaces...
Fedora 28 : systemd (2018-24bd6c9d4a)
Fix a local vulnerability from a race condition in chown-recursive CVE-2018-15687, 1643367 - Fix a local vulnerability from invalid handling of long lines in state deserialization CVE-2018-15686, 1643372 - Fix a remote vulnerability in DHCPv6 in systemd-networkd CVE-2018-15688, 1643362 -...
Fedora 29 : systemd (2018-c402eea18b)
Fix a local vulnerability from a race condition in chown-recursive CVE-2018-15687, 1639076 - Fix a local vulnerability from invalid handling of long lines in state deserialization CVE-2018-15686, 1639071 - Fix a remote vulnerability in DHCPv6 in systemd-networkd CVE-2018-15688, 1639067 - The DHCP...
Design/Logic Flaw
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries...
CVE-2012-5628
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries...