345 matches found
CVE-2024-54198 Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that originates from allowing an authenticated attacker to craft a Remote Function Call RFC request to a restricted destination, which could be used to...
PT-2024-9678 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: The issue allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, potentially exposing credentials for a remot...
PT-2024-41065 · Git +1 · Shaderc
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A crash occurs due to a container-overflow READ 8 issue. The crash involves the glslang::HlslParseContext::decomposeIntrinsic and glslang::HlslParseContext::handleFunctionCall functions, as...
CVE-2024-8938
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory...
CVE-2024-8937
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the...
CVE-2024-8936
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...
CVE-2024-8936
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...
CVE-2024-8938
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory...
CVE-2024-8937
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the...
CVE-2024-8937
CVE-2024-8937 affects Schneider Electric’s Modicon M340, MC80, and Momentum Unity M1E PLCs. The vulnerability is described as CWE-119: Improper restriction of operations within the bounds of a memory buffer, potentially enabling arbitrary code execution. The attack scenario reported involves a su...
PT-2024-8142 · Schneider Electric · Schneider Electric Modicon Mc80 Bmkc80 +2
Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34 versions affected versions not specified Schneider Electric Modicon MC80 BMKC80 versions affected versions not specified Schneider Electric Modicon Momentum Unity M1E Processor 171CBU versions affect...
CVE-2024-7883
When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state...
CVE-2024-7883 CMSE secure state may leak from stack to floating-point registers
When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state...
WordPress Advanced Custom Fields PRO plugin <= 6.3.7 - Administrator+ Limited Arbitrary Function Call vulnerability
Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields PRO versions = 6.3.7...
WordPress Advanced Custom Fields plugin <= 6.3.6 - Administrator+ Limited Arbitrary Function Call vulnerability
Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields versions = 6.3.6...
CVE-2024-44112
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
CVE-2024-8268 Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajaxrequest function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Frontend Dashboard plugin <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call vulnerability
Authenticated Subscriber+ Arbitrary Function Call vulnerability discovered by Lucio Sá in WordPress Plugin Frontend Dashboard versions = 2.2.4...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to add any workbook to any user's workplace favorites...