551 matches found
CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...
EDK2 Security Vulnerability
EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2, which stems from the fact that S3 is activated during sleep, and can be exploited by an attacker to cause a loss of...
CVE-2024-1249
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
PT-2024-17623 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak's OIDC component in the checkLoginIframe, which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of request...
CVE-2024-22133 Improper Access Control in SAP Fiori Front End Server
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the...
BIT-PYTHON-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...
CVE-2024-26142
A flaw was found in actionpack rubygem during the parsing of the Accept header. This issue ma allow a malicious actor to craft a header which will lead the action dispatch component to take an unexpected amount of time, leading to a Denial of Service, impacting the application's availability...
Rocky Linux 8 : qt5 (RLSA-2021:4172)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4172 advisory. - A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelperp.h in Qt/Qtbase. While...
CVE-2023-4039
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
pacemaker bug fix update
An update is available for pacemaker. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Pacemaker cluster resource manager is a collection of technologies...
CVE-2023-37487 Security misconfiguration vulnerability in SAP Business One (Service Layer)
SAP Business One Service Layer - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application...
Amazon Linux 2 : OpenEXR (ALAS-2023-2078)
The version of OpenEXR installed on the remote host is prior to 1.7.1-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2078 advisory. A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by...
Medium: OpenEXR
Issue Overview: A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. CVE-2021-20298 A flaw foun...
CVE-2023-32111 Memory Corruption vulnerability in SAP PowerDesigner (Proxy)
In SAP PowerDesigner Proxy - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application...
Amazon Linux 2 : jasper (ALAS-2023-2018)
The version of jasper installed on the remote host is prior to 1.900.1-33. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2018 advisory. A flaw was found in the Jasper tool's jpc encoder. This flaw allows an attacker to craft input provided to Jasper, causi...
CVE-2023-27897
Affected software: SAP CRM versions 700–713. Vulnerability: An attacker authenticated with a non-administrative role and common remote-execution authorization can use a vulnerable interface to execute a function, performing actions they normally could not. This can have limited impact on confiden...
Ubuntu 16.04 ESM / 18.04 LTS : OpenJPEG vulnerabilities (USN-5952-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5952-1 advisory. Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...
CVE-2023-27893
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...
Debian dla-3236 : libopenexr-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3236 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3236-1 [email protected]...
Debian DSA-5299-1 : openexr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5299 advisory. Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound read...