289 matches found
CVE-2024-34651
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files...
CVE-2024-34651
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files...
CVE-2024-34651
Samsung My Files on Samsung Mobile devices is affected by CVE-2024-34651 due to improper authorization that allows local attackers to access restricted data. The vulnerability affects My Files prior to the SMR Sep-2024 Release 1; remediation is to apply SMR Sep-2024 Release 1 or later updates. Co...
PT-2024-26071 · M Files · My Files
Name of the Vulnerable Software and Affected Versions: My Files versions prior to SMR Sep-2024 Release 1 Description: The issue is related to improper authorization in My Files, allowing local attackers to access restricted data. This can be exploited by local attackers. Recommendations: For...
Improper Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization via improper authorization. An attacker can gain access to restricted information by bypassing security controls without requiring user interaction...
PT-2024-29546 · Sap · Sap Permit To Work
Name of the Vulnerable Software and Affected Versions: SAP Permit to Work affected versions not specified Description: The issue allows an authenticated attacker to access information that would otherwise be restricted, causing low impact on the confidentiality of the application. There is no...
PT-2024-9333 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence platform affected versions not specified Description: The issue allows an attacker to access information that would otherwise be restricted under certain conditions. This has a low impact on...
CVE-2024-30161
A flaw was found in the qt6 package where the WebAssembly wasm component may access the network reply header due to a dangling pointer. This issue may allow an attacker to gain access to restricted data, impacting data confidentiality and integrity...
CVE-2024-28163
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration PI - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application...
CVE-2024-25644
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application...
SAP NetWeaver Information Disclosure Vulnerability
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver that arises from allowing an attacker to access...
PT-2024-20770 · Unknown · Tuleap Community Edition +1
Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 15.5.99.76 Tuleap Enterprise Edition versions prior to 15.5-4 Tuleap Enterprise Edition versions prior to 15.4-7 Description: Tuleap is an open source suite to improve management of software...
PT-2024-3864 · Sap · Sap Fiori App
Name of the Vulnerable Software and Affected Versions: SAP Fiori app My Overtime Request version 605 Description: The issue is related to the absence of necessary authorization checks for authenticated users, which may lead to an escalation of privileges. It is possible to manipulate the URLs of...
Tuleap Information Disclosure Vulnerability
Tuleap is an open source application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. Tuleap suffers from an information disclosure vulnerability that stems from the fact that when a process...
CVE-2024-20920
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the...
CVE-2024-22125
Under certain conditions the Microsoft Edge browser extension SAP GUI connector for Microsoft Edge - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality...
CVE-2023-3629
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
CVE-2023-49581
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...
CVE-2023-49580
SAP GUI for Windows and SAP GUI for Java - versions SAPBASIS 755, SAPBASIS 756, SAPBASIS 757, SAPBASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create...
PT-2023-31266 · Sap · Sap Gui For Windows +1
Name of the Vulnerable Software and Affected Versions: SAP GUI for Windows affected versions not specified SAP GUI for Java affected versions not specified Description: The issue allows an unauthenticated attacker to access restricted and confidential information. Additionally, it enables the...