Lucene search

3100 matches found

NVD
added 2024/09/10 5:15 a.m. · 7 views

CVE-2024-45285

The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any...

CVSS 5.4 · EPSS 0.00306
Exploits 0 · References 2
CVE
added 2024/09/10 4:59 a.m. · 38 views

CVE-2024-45285

CVE-2024-45285 refers to a vulnerability in SAP NetWeaver AS ABAP/ABAP Platform where an RFC-enabled function module allows a low-privileged user to perform a denial-of-service and to change or delete users’ favourite nodes. The impact is described as low for integrity and availability; the attac...

CVSS 5.4 · AI score 5.4 · EPSS 0.00306
Exploits 0 · References 2
Cvelist
added 2024/09/10 4:25 a.m. · 16 views

CVE-2024-44117 Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...

CVSS 5.4 · EPSS 0.00284
Exploits 0 · References 2
CVE
added 2024/09/10 4:25 a.m. · 46 views

CVE-2024-44117

CVE-2024-44117 describes a vulnerability in SAP NetWeaver AS ABAP/ABAP Platform where an RFC-enabled function module allows a low-privileged user to perform actions such as modifying the URLs of any user’s favourite nodes and workbook ID. The published metrics indicate a low impact on integrity a...

CVSS 5.4 · AI score 5.4 · EPSS 0.00284
Exploits 0 · References 2
NVD
added 2024/09/10 4:15 a.m. · 10 views

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVSS 4.3 · EPSS 0.0025
Exploits 0 · References 2
Cvelist
added 2024/09/10 4:3 a.m. · 22 views

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVSS 4.3 · EPSS 0.0025
Exploits 0 · References 2
Vulnrichment
added 2024/09/10 4:3 a.m. · 11 views

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVSS 4.3 · AI score 7 · EPSS 0.0025
Exploits 0 · References 2
NVD
added 2024/09/10 3:15 a.m. · 3 views

CVE-2024-44115

The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity of the application...

CVSS 4.3 · EPSS 0.0025
Exploits 0 · References 2
NVD
added 2024/09/10 3:15 a.m. · 3 views

CVE-2024-44116

The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application...

CVSS 4.3 · EPSS 0.0025
Exploits 0 · References 2
NVD
added 2024/09/10 3:15 a.m. · 7 views

CVE-2024-42380

The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting the vulnerability. There is low impact on confidentiality of the application...

CVSS 4.3 · EPSS 0.00266
Exploits 0 · References 2
CVE
added 2024/09/10 3:8 a.m. · 36 views

CVE-2024-44115

The CVE-2024-44115 issue affects SAP NetWeaver AS ABAP/ABAP Platform via an RFC-enabled function module that allows a low-privileged user to add URLs to any user’s workplace Favourites. This can enable gathering usernames and access information about targeted users’ workplaces and nodes, with low...

CVSS 4.3 · AI score 4.5 · EPSS 0.0025
Exploits 0 · References 2
Positive Technologies
added 2024/09/02 12:0 a.m. · 3 views

PT-2024-31565 · Overleaf · Overleaf Server Pro

Name of the Vulnerable Software and Affected Versions: Overleaf Server Pro versions prior to 2024-07-17; Overleaf Server Pro using legacy docker-compose.yml versions prior to 2024-08-28. Description: Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf...

CVSS 5.4 · AI score 6.9 · EPSS 0.00341
Exploits 0 · References 12
OSV
added 2024/08/29 11:15 a.m. · 1 views

CVE-2024-6551

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated...

CVSS 5.3 · AI score 5.8 · EPSS 0.00344
Exploits 0 · References 2
OSV
added 2024/08/29 12:15 a.m. · 4 views

CVE-2024-45232

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00297
Exploits 0 · References 1
Hacker One
added 2024/08/28 9:12 a.m. · 5 views

Basecamp: Critical Data Breach - Big Data for all domains

The researcher provided an Excel sheet that appeared to be a dump of a breach database. The origin of the data entries in the database was unclear. A small number of valid HEY accounts with enabled 2FA were found, as well as a slightly larger number of other product accounts with valid passwords...

AI score 7
Exploits 0
OSV
added 2024/08/27 8:36 p.m. · 5 views

CVE-2024-45038 Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware

Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic device firmware is subject to a denial of service vulnerability in MQTT handling, fixed in version 2.4.1 of the...

CVSS 7.5 · AI score 7 · EPSS 0.00596
Exploits 0 · References 3
OSV
added 2024/08/26 9:15 a.m. · 0 views

UBUNTU-CVE-2024-43444

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50, OTRS 8.0.X, OTRS 2023.X...

CVSS 8.2 · AI score 5.7 · EPSS 0.00376
Exploits 0 · References 3
CNNVD
added 2024/08/22 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible memory leak due to a duplicate call to the ipv6_mc_down function when IPv6 is enabled and disabled ...

CVSS 5.5 · AI score 6.4 · EPSS 0.0021
Exploits 0 · References 10
OSV
added 2024/08/21 4:15 p.m. · 1 views

UBUNTU-CVE-2024-43411

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

CVSS 3.1 · AI score 5.8 · EPSS 0.004
Exploits 0 · References 4
CNNVD
added 2024/08/21 12:0 a.m. · 5 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the dmaengine/idxd component should fail when the work queue is not enabled...

CVSS 5.5 · AI score 6.5 · EPSS 0.00239
Exploits 0 · References 6