CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...
CVE-2025-42994
SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the...
CVE-2025-42995
SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the...
CVE-2025-42989
RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application...
CVE-2025-42996 Multiple vulnerabilities in SAP MDM Server
SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing...
CVE-2025-42995 Multiple vulnerabilities in SAP MDM Server
SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the...
CVE-2025-42995
CVE-2025-42995: SAP MDM Server is affected by a vulnerability in the Read function where specially crafted packets can trigger a memory read access violation, causing the server process to fail and exit. The documented impact is high availability disruption with no confidentiality or integrity im...
CVE-2025-42994 Multiple vulnerabilities in SAP MDM Server
SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the...
CVE-2025-42994
The CVE-2025-42994 entry concerns SAP MDM Server where the ReadString function can be triggered by specially crafted packets to cause a memory read access violation, leading to a server crash and high availability impact. The initial description assigns a CVSS v3.1 base score of 7.5 (HIGH) with N...
CVE-2025-42989 Missing Authorization check in SAP NetWeaver Application Server for ABAP
RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application...
CVE-2025-42989
Summary (CVE-2025-42989): SAP NetWeaver Application Server for ABAP (RFC inbound processing) may lack necessary authorization checks for authenticated users, enabling privilege escalation. Reported impact includes potential disruption to integrity and availability. The initial documents do not s...
CVE-2025-42982 Information Disclosure in SAP GRC (AC Plugin)
SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application...
CVE-2025-23192 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)
SAP BusinessObjects Business Intelligence BI Workspace allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session...
PT-2025-24596 · SAP · SAP MDM Server
Name of the Vulnerable Software and Affected Versions: SAP MDM Server (affected versions not specified). Description: The issue allows an attacker to send specially crafted packets, triggering a memory read access violation in the server process. This causes the server to fail and exit unexpectedly,...
PT-2025-24595 · SAP · SAP MDM Server
Name of the Vulnerable Software and Affected Versions: SAP MDM Server (affected versions not specified). Description: The issue allows an attacker to send specially crafted packets to the SAP MDM Server, triggering a memory read access violation in the server process. This causes the server to fail...
PT-2025-24594 · SAP · SAP S/4HANA
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA (affected versions not specified). Description: The issue is related to a missing authorization check in the Enterprise Event Enablement component. An attacker with access to the Inbound Binding Configuration can create an RFC...
Nozomi Networks Guardian OS Command Injection Vulnerability
Nozomi Networks Guardian is an Internet of Things (IoT) device and software inspection system from Nozomi Networks, USA. Nozomi Networks Guardian suffers from an operating system command injection vulnerability that stems from improper signature validation, which could result in an authenticated...