CVE-2024-56563

In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in cephmdscheckaccess getcurrentcred increments the reference counter, but the putcred call was missing...

CVE-2020-9089

There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. Vulnerability ID: HWPSIRT-2019-12141 Th...

The vulnerability of the Remote Function Call interface in the SAP NetWeaver AS ABAP software integration platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Remote Function Call interface in the SAP NetWeaver AS ABAP software integration platform is related to insufficient control over dynamically defined variables. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protect...

SAP NetWeaver AS ABAP Information Disclosure (3469791)

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

The vulnerability of the PowerScale OneFS operating system, related to calling a function with an intentionally incorrect argument, allows attackers to disclose sensitive information that should be protected.

The vulnerability of the PowerScale OneFS operating system lies in the execution of a function with an intentionally incorrect argument. Exploiting this vulnerability allows a remote attacker to disclose sensitive information that is protected by the system’s security measures...

CVE-2024-54198

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

CVE-2024-54198

CVE-2024-54198 affects SAP NetWeaver Application Server ABAP. In certain conditions, an authenticated attacker can craft a Remote Function Call (RFC) to restricted destinations, exposing credentials for a remote service and potentially allowing complete compromise of that service. Affected compon...

CVE-2024-54198 Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

CVE-2024-54198 Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that originates from allowing an authenticated attacker to craft a Remote Function Call RFC request to a restricted destination, which could be used to...

PT-2024-9678 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: The issue allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, potentially exposing credentials for a remot...

PT-2024-41065 · Git +1 · Shaderc

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A crash occurs due to a container-overflow READ 8 issue. The crash involves the glslang::HlslParseContext::decomposeIntrinsic and glslang::HlslParseContext::handleFunctionCall functions, as...

CVE-2024-8938

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory...

CVE-2024-8937

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the...

CVE-2024-8936

CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...

CVE-2024-8936

CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...

CVE-2024-8938

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory...

CVE-2024-8937

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the...

CVE-2024-8937

CVE-2024-8937 affects Schneider Electric’s Modicon M340, MC80, and Momentum Unity M1E PLCs. The vulnerability is described as CWE-119: Improper restriction of operations within the bounds of a memory buffer, potentially enabling arbitrary code execution. The attack scenario reported involves a su...

PT-2024-8142 · Schneider Electric · Schneider Electric Modicon Mc80 Bmkc80 +2

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34 versions affected versions not specified Schneider Electric Modicon MC80 BMKC80 versions affected versions not specified Schneider Electric Modicon Momentum Unity M1E Processor 171CBU versions affect...