Lucene search
K

36999 matches found

RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.6 views

kernel: parport: Proper fix for array out-of-bounds access

An out-of-bounds array access memory flaw was found in the Linux kernel. When snprintf returns the would-be-printed size, not the actual output size, the length calculation can still go over the given limit and cause an overflow, resulting in loss of availability of the system...

7.8CVSS7.2AI score0.00232EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.3 views

kernel: wifi: cfg80211: Set correct chandef when starting CAC

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC When starting CAC in a mode other than AP mode, it return a "WARNING: CPU: 0 PID: 63 at cfg80211chandefdfsusable+0x20/0xaf cfg80211" caused by the chandef.chan being null at t...

5.5CVSS6.5AI score0.00234EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.4 views

kernel: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()

A use-after-free vulnerability exists in the Bluetooth stack of the Linux kernel. The l2capconnect does not return void during the function return, potentially leading to a loss of system availability...

6.8CVSS7.2AI score0.00457EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.3 views

kernel: wifi: cfg80211: clear link ID from bitmap during link delete after clean up

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the validlinks bitmap before performing any clean-up operations. However, some functio...

3.3CVSS6.7AI score0.0018EPSS
Exploits0References5
NVD
NVD
added 2025/05/13 1:15 a.m.46 views

CVE-2025-43010

SAP S/4HANA Cloud Private Edition or on Premise SCM Master Data Layer MDL allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation an...

8.3CVSS0.00414EPSS
Exploits0References2
NVD
NVD
added 2025/05/13 1:15 a.m.29 views

CVE-2025-42997

Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on...

6.6CVSS0.00236EPSS
Exploits0References2
OSV
OSV
added 2025/05/13 1:15 a.m.2 views

CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

9.1CVSS5.8AI score0.99359EPSS
Exploits19References4
NVD
NVD
added 2025/05/13 1:15 a.m.12 views

CVE-2025-43000

Under certain conditions Promotion Management Wizard PMW allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application...

7.9CVSS0.00142EPSS
Exploits0References2
OSV
OSV
added 2025/05/13 1:15 a.m.4 views

CVE-2025-30010

The Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successfu...

6.1CVSS5.8AI score0.00261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/13 12:19 a.m.6 views

CVE-2025-43010 Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL))

SAP S/4HANA Cloud Private Edition or on Premise SCM Master Data Layer MDL allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation an...

8.3CVSS8.3AI score0.00414EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/13 12:19 a.m.40 views

CVE-2025-43010 Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL))

SAP S/4HANA Cloud Private Edition or on Premise SCM Master Data Layer MDL allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation an...

8.3CVSS0.00414EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/13 12:19 a.m.8 views

CVE-2025-43008 Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability...

5.8CVSS5.6AI score0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/13 12:17 a.m.21 views

CVE-2025-43000 Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)

Under certain conditions Promotion Management Wizard PMW allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application...

7.9CVSS0.00142EPSS
Exploits0References2
OSV
OSV
added 2025/05/13 12:0 a.m.2 views

OPENSUSE-SU-2025:15084-1 cpp-httplib-devel-0.20.1-1.1 on GA media

These are all security issues fixed in the cpp-httplib-devel-0.20.1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00603EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.10 views

CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. Recent assessments: Assessed Attacker...

9.1CVSS6.9AI score0.11222EPSS
In wildExploits3References3
Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.7 views

Amazon Linux 2 : edk2 (ALAS-2025-2852)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2852 advisory. EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this...

4.6CVSS6AI score0.00214EPSS
Exploits0References4
Amazon
Amazon
added 2025/05/13 12:0 a.m.12 views

Medium: edk2

Issue Overview: EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability. CVE-2024-38797...

4.6CVSS6.8AI score0.00214EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.3 views

PT-2025-20822 · Sap · Sap S/4Hana Cloud Private Edition +1

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Cloud Private Edition affected versions not specified Description: The issue allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs,...

8.3CVSS6.4AI score0.00414EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.14 views

Photon OS 4.0: Apache PHSA-2025-4.0-0777

An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0777. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

10CVSS9.4AI score0.99945EPSS
Exploits46References2
ICS
ICS
added 2025/05/13 12:0 a.m.10 views

Siemens SIMATIC IPC RS-828A

SUMMARY SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller BMC that could allow an attacker to gain unauthorized access and compromise confidentiality, integrity and availability of the BMC and thus the entire...

10CVSS7.6AI score0.61202EPSS
Exploits0References10
Rows per page
Query Builder