551 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-27763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior...
Linux Distros Unpatched Vulnerability : CVE-2020-27751
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined...
Linux Distros Unpatched Vulnerability : CVE-2020-27770
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a missing check for 0 value of replaceextent, it is possible for offset p to overflow in SubstituteString, causing potential impact to application...
CVE-2022-41214
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integri...
BIT-PYTHON-MIN-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as a web browser connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sen...
CVE-2024-47582
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application...
CVE-2024-47582 XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application...
CVE-2024-47582
CVE-2024-47582 affects SAP NetWeaver Application Server for Java. The root cause is missing validation of XML input, enabling an unauthenticated attacker to send malicious XML to an endpoint, triggering an XML Entity Expansion attack with limited impact on availability. The vulnerability is descr...
PT-2024-32663 · SAP SE · SAP NetWeaver AS Java
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to missing validation of XML input, which allows an unauthenticated attacker to send malicious input to an endpoint. This leads to ...
Denial Of Service (DoS)
System.Formats.Nrbf is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect input validation in the NrbfDecoder component, which could allow an attacker to disrupt application availability...
Red Hat OpenShift Resource Management Error Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. Red Hat OpenShift suffers from a Resource Management Error vulnerability that stems from the presence of a Denial of Service (DoS)...
CVE-2024-45279 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)
Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim'...
NewStart CGSL MAIN 6.02 : sip Vulnerability (NS-SA-2024-0063)
The remote NewStart CGSL host, running version MAIN 6.02, has sip packages installed that are affected by a vulnerability: - A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelperp.h in Qt/Qtbase. While rendering and...
CVE-2024-22121
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application...
NetScaler High Availability issues
Introduction: This article provides a list of Knowledge Base resources on how to investigate, troubleshoot, and prevent the most common issues with NetScaler High Availability (HA). Overview of the Issue: NetScaler High Availability (HA) offers seamless failover capabilities to maintain uninterrupted...
CVE-2024-37173
CVE-2024-37173 affects SAP CRM WebClient UI. The issue is due to insufficient input validation that allows an unauthenticated attacker to craft a URL embedding a malicious script. When a user clicks the link, the script executes in the victim’s browser, enabling the attacker to access and/or modi...
CVE-2024-37176
CVE-2024-37176 concerns SAP BW/4HANA Transformation and Data Transfer Process (DTP). The connected sources describe an authentication-required path where improper authorization checks allow an attacker to elevate privileges within the SAP BW/4HANA DTP, with no impact to data confidentiality and l...
CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...
CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...