30 matches found
CVE-2026-44744
Affected software : SAP S/4HANA On-Premise. Vulnerability : SQL injection in a remote-enabled function module component. Root cause / what’s vulnerable : An authenticated attacker could influence SQL queries via the affected function module, potentially enabling unauthorized database queries. Imp...
CVE-2026-21963
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
CVE-2021-2297
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
EUVD-2023-29555
Malicious code in bioql PyPI...
BIT-LIBPYTHON-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...
SAP NetWeaver Application Server ABAP 安全漏洞
SAP NetWeaver Application Server ABAP is a platform for running and developing applications based on the ABAP language from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server ABAP that stems from a lack of authorization checking, which could allow an overprivileged...
Linux Distros Unpatched Vulnerability : CVE-2020-14331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an...
CVE-2024-21234
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...
The vulnerability of the qcom-geni-serial component in the Linux operating system allows for interference with the confidentiality and accessibility of protected information.
The vulnerability of the qcom-geni-serial component in the Linux operating system is related to it exceeding the buffer limits of the RX FIFO. Exploiting this vulnerability could allow an attacker to influence the confidentiality and accessibility of the protected information...
CVE-2024-8285
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
kernel: Local information disclosure on Intel(R) Atom(R) processors
A vulnerability was found in some Intel Atom Processor's microcode. This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system...
CVE-2024-23451
An incorrect authorization flaw was found in the API key based security model for Remote Cluster Security in the elasticsearch package. A malicious user with a valid API key can leverage this issue to gain access to read any documents from any index in the remote cluster, exposing possible...
SAP NetWeaver ABAP Server 跨站脚本漏洞
SAP NetWeaver ABAP Server is a German SAP SAP company used as a Web application server for SAP products. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from a cross-site scripting XSS vulnerability due to insufficient encoding of user-controlled input. An...
OpenJDK: incorrect enqueue of references in garbage collector (8298191)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...
SUSE CVE-2018-2972
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...
SUSE CVE-2021-20288
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated...
CVE-2022-41599
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2022-38985
The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2022-35169
SAP BusinessObjects Business Intelligence Platform LCM - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on...
ceph: Unauthorized global_id reuse in cephx
An authentication flaw was found in ceph. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated with another user, as ceph...