Lucene search
K

551 matches found

Cvelist
Cvelist
added 2024/06/11 2:2 a.m.45 views

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...

7.5CVSS0.00541EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/30 12:0 a.m.5 views

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2, which stems from the fact that S3 is activated during sleep, and can be exploited by an attacker to cause a loss of...

6CVSS8.5AI score0.00217EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/04/17 1:2 p.m.42 views

CVE-2024-1249

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...

7.4CVSS7.3AI score0.00448EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.3 views

PT-2024-17623 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak's OIDC component in the checkLoginIframe, which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of request...

7.4CVSS7AI score0.00448EPSS
Exploits0References27
Cvelist
Cvelist
added 2024/03/12 12:32 a.m.31 views

CVE-2024-22133 Improper Access Control in SAP Fiori Front End Server

SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the...

4.6CVSS5.2AI score0.003EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:6 a.m.40 views

BIT-PYTHON-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

6.5CVSS6.8AI score0.04675EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2024/02/27 5:12 p.m.26 views

CVE-2024-26142

A flaw was found in actionpack rubygem during the parsing of the Accept header. This issue ma allow a malicious actor to craft a header which will lead the action dispatch component to take an unexpected amount of time, leading to a Denial of Service, impacting the application's availability...

5.9CVSS7.4AI score0.01498EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.29 views

Rocky Linux 8 : qt5 (RLSA-2021:4172)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4172 advisory. - A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelperp.h in Qt/Qtbase. While...

7.1CVSS6.7AI score0.00511EPSS
Exploits1References33
OSV
OSV
added 2023/09/13 9:15 a.m.7 views

CVE-2023-4039

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

4.8CVSS5.4AI score
Exploits0References2
Rockylinux
Rockylinux
added 2023/08/31 4:55 p.m.22 views

pacemaker bug fix update

An update is available for pacemaker. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Pacemaker cluster resource manager is a collection of technologies...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2023/08/08 12:42 a.m.25 views

CVE-2023-37487 Security misconfiguration vulnerability in SAP Business One (Service Layer)

SAP Business One Service Layer - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application...

5.3CVSS5.5AI score0.00414EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/08 12:0 a.m.28 views

Amazon Linux 2 : OpenEXR (ALAS-2023-2078)

The version of OpenEXR installed on the remote host is prior to 1.7.1-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2078 advisory. A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by...

7.5CVSS6.6AI score0.01848EPSS
Exploits1References12
Amazon
Amazon
added 2023/06/07 12:0 a.m.28 views

Medium: OpenEXR

Issue Overview: A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. CVE-2021-20298 A flaw foun...

7.5CVSS6.5AI score0.01848EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/05/09 1:38 a.m.8 views

CVE-2023-32111 Memory Corruption vulnerability in SAP PowerDesigner (Proxy)

In SAP PowerDesigner Proxy - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application...

7.5CVSS7.5AI score0.00635EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.43 views

Amazon Linux 2 : jasper (ALAS-2023-2018)

The version of jasper installed on the remote host is prior to 1.900.1-33. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2018 advisory. A flaw was found in the Jasper tool's jpc encoder. This flaw allows an attacker to craft input provided to Jasper, causi...

7.8CVSS7AI score0.01371EPSS
Exploits5References14
CVE
CVE
added 2023/04/11 2:50 a.m.45 views

CVE-2023-27897

Affected software: SAP CRM versions 700–713. Vulnerability: An attacker authenticated with a non-administrative role and common remote-execution authorization can use a vulnerable interface to execute a function, performing actions they normally could not. This can have limited impact on confiden...

6.3CVSS6.3AI score0.00651EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/15 12:0 a.m.59 views

Ubuntu 16.04 ESM / 18.04 LTS : OpenJPEG vulnerabilities (USN-5952-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5952-1 advisory. Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

8.8CVSS7.5AI score0.04932EPSS
Exploits3References11
NVD
NVD
added 2023/03/14 6:15 a.m.15 views

CVE-2023-27893

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

8.8CVSS8.7AI score0.01184EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/12/19 12:0 a.m.43 views

Debian dla-3236 : libopenexr-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3236 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3236-1 [email protected]...

7.5CVSS6.5AI score0.01848EPSS
Exploits5References46
Tenable Nessus
Tenable Nessus
added 2022/12/11 12:0 a.m.40 views

Debian DSA-5299-1 : openexr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5299 advisory. Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound read...

6.5CVSS6.4AI score0.01772EPSS
Exploits2References18
Rows per page
Query Builder