expat: Large number of prefixed XML attributes on a single tag can crash libexpat
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to a buffer overrun. The highest threat from this vulnerability is to availability...
CVE-2025-66334
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66332
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66323
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66333
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66321
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66320
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66331
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66326
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66328
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66322
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-42877 Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server
SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application...
CVE-2025-42873
SAPUI5 (and OpenUI5) packages include the markdown-it component with outdated third‑party libraries, enabling an infinite loop on specially malformed input. This DoS causes high CPU use and unresponsiveness by blocking the processing thread, with no confidentiality or integrity impact reported. N...
CVE-2025-42872
CVE-2025-42872 describes a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal. An unauthenticated attacker can inject scripts that run in other users’ browsers, potentially stealing session cookies, tokens, and other sensitive information. The impact is characterized as l...
PT-2025-49770
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...
PT-2025-49765
The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification, allowing an attacker to reuse authorization tokens. This violates secure authentication practices and causes low impact on Confidentiality, Integrity and Availability of the...
PT-2025-49843
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability...
PT-2025-49980
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.0.16; MongoDB Server versions prior to 7.0.26; MongoDB Server versions prior to 8.2.2. Description: A flaw exists in the network two-phase commit protocol used for cross-shard transactions. This issue can lead to...
Multiple SAP products: buffer error vulnerability
SAP Web Dispatcher and others are products of SAP, Germany. SAP Web Dispatcher is a core component of Load Balancing, which supports load balancing and provides reverse proxy functionality, enabling external network users to access internal applications. SAP Internet Communication Manager SAP ICM i...