90 matches found
KLA77561 DoS vulnerability in Wireshark
Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2024-14 · FiveCo RAP dissector infinite loop Related products Wireshark CVE list CVE-2024-11595 high Solution Update to the latest versio...
kernel: of: module: add buffer overflow check in of_modalias()
A buffer overflow flaw was found in ofmodalias in the Linux kernel, occurring after the first snprintf call. This issue could result in loss of availability of the system...
kernel: of: module: add buffer overflow check in of_modalias()
A buffer overflow flaw was found in ofmodalias in the Linux kernel, occurring after the first snprintf call. This issue could result in loss of availability of the system...
CVE-2024-6038
A Regular Expression Denial of Service ReDoS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filterhistory function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history...
PT-2024-37336 · Unknown · Gaizhenbiao/Chuanhuchatgpt
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt affected versions not specified Description: A Regular Expression Denial of Service ReDoS issue exists, located in the filter history function within the utils.py module. This function uses a regular expression sear...
Privilege escalation
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform FTSP. If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...
CVE-2024-22131
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
Authorization
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
CVE-2024-22131 Code Injection vulnerability in SAP ABA (Application Basis)
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
Design/Logic Flaw
An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more...
CVE-2023-37491
The ACL Access Control List of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...
CVE-2023-28762
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting int...
CVE-2023-28762 Information Disclosure in SAP BusinessObjects Intelligence Platform
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting int...
CVE-2023-28762
Affected product: SAP BusinessObjects Business Intelligence Platform (versions 420 and 430). Vulnerability summary: An authenticated attacker with administrator privileges can obtain the login token of any logged-in BI user over the network without user interaction, enabling impersonation of any ...
PT-2023-22189 · Sap · Sap Netweaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver BI CONT ADDON versions 707, 737, 747, 757 Description: The issue allows an attacker to exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Although data cannot be read, a remote attack...
CVE-2023-23857 Improper Access Control in SAP NetWeaver AS for Java
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...
CVE-2022-39013
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the applicatio...
PT-2022-24669 · Sap Se +1 · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows an authenticated attacker to access OS credentials under certain conditions. This access enables the attacker to modify system data and potentially make the system...
CVE-2022-39013
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the applicatio...
ChainlinkInceptionPriceFeed can report stale price
Lines of code Vulnerability details As stale price is determined by time since last timestamp, the price that is most recent, but wasn't updated for more than PRICEORACLESTALETHRESHOLD say there were no trades on the market will be rejected, which makes system unavailable in such a case. This can...