355 matches found
CVE-2024-7883
When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state...
CVE-2024-7883 CMSE secure state may leak from stack to floating-point registers
When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state...
WordPress Advanced Custom Fields PRO plugin <= 6.3.7 - Administrator+ Limited Arbitrary Function Call vulnerability
Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields PRO versions = 6.3.7...
WordPress Advanced Custom Fields plugin <= 6.3.6 - Administrator+ Limited Arbitrary Function Call vulnerability
Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields versions = 6.3.6...
CVE-2024-44112
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
CVE-2024-8268 Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajaxrequest function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Frontend Dashboard plugin <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call vulnerability
Authenticated Subscriber+ Arbitrary Function Call vulnerability discovered by Lucio Sá in WordPress Plugin Frontend Dashboard versions = 2.2.4...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to add any workbook to any user's workplace favorites...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to read any user's workplace favorites and user menus, as well as all...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a less-privileged user to perform a denial of service to any user and also to change or delet...
PT-2024-29908 · Sap · Sap Systems
Name of the Vulnerable Software and Affected Versions: SAP Systems affected versions not specified Description: The RFC enabled function module in SAP Systems allows a low-privileged user to read any user's workplace favorites and user menu, along with specific data of each node. This issue enabl...
SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
CVE-2024-43851 soc: xilinx: rename cpu_number1 to dummy_cpu_number
In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpunumber1 to dummycpunumber The per cpu variable cpunumber1 is passed to xlnxeventhandler as argument "devid", but it is not used in this function. So drop the initialization of this variable and rename it to...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing call to the csdspremove function in the cs35l56hdacommonprobe function error path...
RHEL 6 : graphviz (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - graphviz: stack-based buffer overflow in chkNum CVE-2014-1236 - graphviz: recursive function call in...
CVE-2021-47201
In the Linux kernel, the following vulnerability has been resolved: iavf: free qvectors before queues in iavfdisablevf iavffreequeues clears adapter-numactivequeues, which iavffreeqvectors relies on, so swap the order of these two function calls in iavfdisablevf. This resolves a panic encountered...
CVE-2024-26709 powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix the missing iommugroupput during platform domain attach The function spaprtceplatformiommuattachdev is missing to call iommugroupput when the domain is already set. This refcount leak shows up with BUGON during...
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. "The vulnerability allows remote code execution with SYSTEM privileges on all Windows...
Denial Of Service (DOS)
pocketmine/pocketmine-mp is vulnerable to Denial Of Service. The vulnerability is due to a lack of bounds checking when accessing inventory slots while calling function BaseInventory-getItem. This leads to an unhandled exception and potentially leads to Denial of service via malformed...