
2120 matches found

Cvelist
added 2024/05/14 3:53 a.m. · 14 views

CVE-2024-4138 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application...

CVSS 4.3 · AI score 5.4 · EPSS 0.00156
Exploits: 0 · References: 2

CVE
added 2024/05/14 3:51 a.m. · 46 views

CVE-2024-4139

Brings CVE-2024-4139: SAP S/4HANA Manage Bank Statement ReProcessing Rules suffers from missing authorization checks for authenticated users, enabling privilege escalation. Affected component is the rule management module; attacker can delete other users’ rules, compromising integrity. Confidenti...

CVSS 4.3 · AI score 7.3 · EPSS 0.00156
Exploits: 0 · References: 2

Cvelist
added 2024/05/14 3:51 a.m. · 11 views

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

CVSS 4.3 · AI score 5.4 · EPSS 0.00156
Exploits: 0 · References: 2

Vulnrichment
added 2024/05/14 3:51 a.m. · 11 views

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

CVSS 4.3 · AI score 7.3 · EPSS 0.00156
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-29385 · Unknown · Manage Bank Statement Reprocessing Rules

Name of the Vulnerable Software and Affected Versions: Manage Bank Statement ReProcessing Rules affected versions not specified Description: The issue is related to insufficient authorization checks for authenticated users, leading to potential escalation of privileges. An attacker can exploit th...

CVSS 4.3 · AI score 6.7 · EPSS 0.00156
Exploits: 0 · References: 3

OSV
added 2024/05/13 3:3 p.m. · 13 views

CVE-2024-31444 Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerulesformsave function in automationtreerules.php is not thoroughly checked and is used to concatenate the HTML statement in formconfirm function from...

CVSS 4.6 · AI score 7 · EPSS 0.09401
Exploits: 1 · References: 5

AlpineLinux
added 2024/05/13 3:1 p.m. · 23 views

CVE-2024-31443

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php, finally resulting in...

CVSS 5.7 · AI score 5.7 · EPSS 0.00493
Exploits: 1 · References: 4

Tenable Nessus
added 2024/05/11 12:0 a.m. · 31 views

RHEL 6 : postgresql-jdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql-jdbc: Arbitrary File Write Vulnerability CVE-2022-26520 - pgjdbc is an open source postgresql...

AI score 7.3 · EPSS 0.00994
Exploits: 1 · References: 2

NVD
added 2024/05/06 12:15 a.m. · 9 views

CVE-2024-34527

spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged...

CVSS 7.5 · AI score 6.6 · EPSS 0.00142
Exploits: 0 · References: 2

Vulnrichment
added 2024/05/05 12:0 a.m. · 14 views

CVE-2024-34527

spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged...

AI score 7.2 · EPSS 0.00142
Exploits: 0 · References: 2

CVE
added 2024/05/05 12:0 a.m. · 50 views

CVE-2024-34527

SolidUI 0.4.0 is affected by CVE-2024-34527 due to an unnecessary print statement in spaces_plugin/app.py that prints an OpenAI key, which could be logged. Core impact is potential exposure of sensitive information (OpenAI keys) via logs. Root cause: leaking sensitive value through a verbose prin...

CVSS 7.5 · AI score 6.9 · EPSS 0.00142
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/05 12:0 a.m. · 3 views

PT-2024-25949 · Solidui · Solidui

Name of the Vulnerable Software and Affected Versions: SolidUI version 0.4.0 Description: The issue concerns an unnecessary print statement in the spaces_plugin/app.py file for an OpenAI key. This printed string might be logged, potentially exposing sensitive information. Recommendations: For...

CVSS 7.5 · AI score 6.8 · EPSS 0.00142
Exploits: 0 · References: 6

The Hacker News
added 2024/05/04 8:38 a.m. · 45 views

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Cze...

CVSS 9.8 · AI score 7.6 · EPSS 0.93421
Exploits: 18

Veracode
added 2024/04/26 7:12 a.m. · 22 views

Range-Based Loop Execution

vyper is vulnerable to Range-Based Loop Execution. The vulnerability is due to incorrect assertion handling in the code generation of the range statement stmt.parseForrange within file stmt.py, which allows attackers to manipulate loop parameters...

CVSS 5.3 · AI score 6.9 · EPSS 0.01528
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/04/25 5:15 p.m. · 2 views

PYSEC-2024-246

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

CVSS 5.3 · AI score 7.1 · EPSS 0.01528
Exploits: 1 · References: 5

Cvelist
added 2024/04/25 5:0 p.m. · 15 views

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

CVSS 5.3 · AI score 5.5 · EPSS 0.01528
Exploits: 1 · References: 4

Vulnrichment
added 2024/04/25 5:0 p.m. · 14 views

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

CVSS 5.3 · AI score 6.9 · EPSS 0.01528
Exploits: 1 · References: 4

Veracode
added 2024/04/23 9:7 a.m. · 14 views

SQL Injection

librenms/librenms is vulnerable to SQL Injection. The vulnerability is due to inadequate validation of the order parameter sourced from the $request in the file apifunctions.inc.php where the parameter value is directly incorporated into an SQL statement and concatenated. This allows attackers to...

CVSS 7.2 · AI score 7.5 · EPSS 0.00405
Exploits: 1 · References: 4 · Affected Software: 1

RedHat Linux
added 2024/04/22 8:51 a.m. · 1 view

Mozilla: Out-of-bounds-read after mis-optimized switch statement

The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...

CVSS 8.8 · AI score 7.4 · EPSS 0.00928
Exploits: 0 · References: 6

RedHat Linux
added 2024/04/22 8:38 a.m. · 1 view

Mozilla: Out-of-bounds-read after mis-optimized switch statement

The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...

CVSS 8.8 · AI score 7.4 · EPSS 0.00928
Exploits: 0 · References: 6