7668 matches found

NCSC
added 2024/06/11 12:37 p.m. · 5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Business Objects, HANA, CRM and NetWeaver. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage:
- Denial-of-Service (DoS)
- Bypassing authentication
- Cross-Site...

CVSS 8.1 · AI score 6.4 · EPSS 0.00628
Exploits 0 · References 1
CNNVD
added 2024/06/11 12:0 a.m. · 2 views

SAP BusinessObjects Business Intelligence Platform Information Disclosure Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...

CVSS 6 · AI score 5.9 · EPSS 0.00108
Exploits 0 · References 5
NVD
added 2024/06/06 7:16 p.m. · 14 views

CVE-2024-5307

Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target mus...

CVSS 3.3 · EPSS 0.00222
Exploits 0 · References 1
CVE
added 2024/06/06 6:19 p.m. · 60 views

CVE-2024-5307

CVE-2024-5307 affects Kofax Power PDF, specifically the AcroForm Annotation handling. The vulnerability is an out-of-bounds read that can disclose sensitive information from a vulnerable installation due to insufficient validation of user-supplied data in Annotation objects. User interaction is r...

CVSS 3.3 · AI score 3.3 · EPSS 0.00222
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/06/06 5:54 p.m. · 18 views

CVE-2024-5452 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVSS 9.8 · AI score 7.8 · EPSS 0.50542
Exploits 3 · References 1
Vulnrichment
added 2024/06/06 2:38 a.m. · 10 views

CVE-2024-2017 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...

CVSS 5.4 · AI score 6.5 · EPSS 0.00238
Exploits 0 · References 5
Positive Technologies
added 2024/06/06 12:0 a.m. · 4 views

PT-2024-36377 · Unknown +1 · Pytorch-Lightning +1

Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.2.1. Description: A remote code execution issue exists due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to...

CVSS 9.8 · AI score 9.6 · EPSS 0.50542
Exploits 3 · References 16
OSV
added 2024/06/05 8:47 p.m. · 9 views

GHSA-M2HP-5X78-74MG Insecure Unserialize Vulnerability in FLOW3

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...

AI score 7.3
Exploits 0 · References 3
Fedora
added 2024/06/05 1:41 a.m. · 9 views

[SECURITY] Fedora 40 Update: qt5-qtremoteobjects-5.15.14-1.fc40

Qt Remote Objects (QtRO) is an inter-process communication (IPC) module developed for Qt...

CVSS 9.8 · AI score 6.8 · EPSS 0.00483
Exploits 0
OSV
added 2024/06/04 3:19 p.m. · 17 views

GO-2024-2581 User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs

User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs...

AI score 7.1
Exploits 0 · References 2
Securelist
added 2024/06/03 10:0 a.m. · 15 views

IT threat evolution in Q1 2024. Non-mobile statistics

The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

AI score 6.9
Exploits 0
Positive Technologies
added 2024/05/30 12:0 a.m. · 3 views

PT-2024-40787 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser (affected versions not specified). Description: The issue is related to a security exception in the CommentsInserter class. The crash occurs in the insertComments function, which is part of the JavaParser library. The error is also...

AI score 6.9
Exploits 0 · References 2
Fedora
added 2024/05/29 3:37 a.m. · 12 views

[SECURITY] Fedora 40 Update: qt6-qtremoteobjects-6.7.1-1.fc40

Qt Remote Objects (QtRO) is an inter-process communication (IPC) module developed for Qt...

CVSS 9.8 · AI score 6.8 · EPSS 0.00483
Exploits 0
BDU FSTEC
added 2024/05/29 12:0 a.m. · 0 views

The vulnerability of the automation_get_new_graphs_sql function in the Cacti network monitoring software allows a hacker to execute arbitrary SQL queries.

The vulnerability of the automation_get_new_graphs_sql function in the Cacti network monitoring software is related to the lack of validation for XML object sequences. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9 · EPSS 0.39471
Exploits 1 · References 6 · Affected Software 2
SUSE CVE
added 2024/05/28 3:30 p.m. · 1 views

SUSE CVE-2021-47490

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix memleak in ttm_transfered_destroy We need to cleanup the fences for ghost objects as well. Bug: https://bugzilla.kernel.org/show_bug.cgi?id=214029 Bug: https://bugzilla.kernel.org/show_bug.cgi?id=214447...

CVSS 4.7 · AI score 6.5 · EPSS 0.00026
Exploits 0 · References 8
OSV
added 2024/05/28 1:39 p.m. · 0 views

USN-6793-1 git vulnerabilities

It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-32002) It was discovered that Git incorrectly handled certain cloned...

CVSS 9 · AI score 7 · EPSS 0.82951
Exploits 34 · References 6
Positive Technologies
added 2024/05/28 12:0 a.m. · 1 views

PT-2024-26899 · Nautobot · Nautobot

Name of the Vulnerable Software and Affected Versions: Nautobot versions 1.3.0 through 1.6.22; Nautobot versions 2.0.0 through 2.2.4. Description: A user with extras.view_dynamicgroup permission can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view...

CVSS 6.3 · AI score 6.8 · EPSS 0.0015
Exploits 0 · References 11
Securelist
added 2024/05/27 10:0 a.m. · 23 views

Threat landscape for industrial automation systems, Q1 2024

Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of IC...

AI score 7.5
Exploits 0
RedHat Linux
added 2024/05/22 12:2 p.m. · 4 views

sssd: Race condition during authorization leads to GPO policies functioning inconsistently

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...

CVSS 7.1 · AI score 5.7 · EPSS 0.00029
Exploits 1 · References 5
OSV
added 2024/05/22 9:15 a.m. · 1 views

DEBIAN-CVE-2021-47490

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix memleak in ttm_transfered_destroy We need to cleanup the fences for ghost objects as well. Bug: https://bugzilla.kernel.org/show_bug.cgi?id=214029 Bug: https://bugzilla.kernel.org/show_bug.cgi?id=214447...

CVSS 5.5 · AI score 5.1 · EPSS 0.00026
Exploits 0 · References 1