Lucene search

K

ESET, Spol. S R.o. Security Vulnerabilities

cvelist
cvelist

CVE-2024-30216 Missing Authorization check in SAP S/4 HANA (Cash Management)

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the...

4.3CVSS

5.4AI Score

0.0004EPSS

2024-04-09 01:02 AM
2
zdt
zdt

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...

7.5AI Score

2024-04-22 12:00 AM
60
cvelist
cvelist

CVE-2024-34691 Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

6.5CVSS

0.0004EPSS

2024-06-11 02:22 AM
4
zeroscience
zeroscience

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Advisory ID: ZSL-2024-5814 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment...

7.7AI Score

2024-04-17 12:00 AM
40
zeroscience
zeroscience

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config

Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Advisory ID: ZSL-2024-5815 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment demodulates...

7.3AI Score

2024-04-17 12:00 AM
66
osv
osv

App can set discoverable timeout of device' s Bluetooth without showing system dialog to user.

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

7.8CVSS

6.8AI Score

0.0004EPSS

2022-06-01 12:00 AM
8
osv
osv

App can set Scan Mode of device' s Bluetooth without showing system dialog to user.

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

7.3CVSS

7.1AI Score

0.0004EPSS

2022-06-01 12:00 AM
10
cvelist
cvelist

CVE-2023-28018 HCL Connections s vulnerable to possible denial of service for certain users

HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected...

5.5CVSS

5.8AI Score

0.0004EPSS

2024-02-12 10:46 PM
wpvulndb
wpvulndb

Media Library Folders < 8.2.1 - Reflected Cross-Site Scripting via 's'

Description The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS

6.3AI Score

0.0004EPSS

2024-04-18 12:00 AM
3
osv
osv

BIT-nginx-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS

6.2AI Score

0.0004EPSS

2024-06-04 09:50 AM
7
osv
osv

BIT-nginx-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS

6.2AI Score

0.0004EPSS

2024-06-04 09:50 AM
18
osv
osv

CVE-2023-32262

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * ...

6.5CVSS

7AI Score

0.001EPSS

2023-07-19 04:15 PM
1
cvelist
cvelist

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

4.3CVSS

5.4AI Score

0.0004EPSS

2024-05-14 03:51 AM
osv
osv

CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS

6.2AI Score

0.0004EPSS

2024-02-14 05:15 PM
1
osv
osv

CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS

6.2AI Score

0.0004EPSS

2024-02-14 05:15 PM
2
osv
osv

CVE-2023-32261

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * ...

6.5CVSS

6.7AI Score

0.001EPSS

2023-07-19 04:15 PM
3
osv
osv

[Android Auto] App permissions reset after upgrade on device from R build to S build

In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

7.5AI Score

0.0004EPSS

2022-03-01 12:00 AM
7
cvelist
cvelist

CVE-2024-4138 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application....

4.3CVSS

5.4AI Score

0.0004EPSS

2024-05-14 03:53 AM
vulnrichment
vulnrichment

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

4.3CVSS

7.3AI Score

0.0004EPSS

2024-05-14 03:51 AM
nuclei
nuclei

SolarWinds Serv-U 15.3 - Directory Traversal

SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...

7.5CVSS

7.5AI Score

0.049EPSS

2023-04-15 12:38 PM
47
osv
osv

CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions...

8.8CVSS

7.2AI Score

0.001EPSS

2023-07-18 04:15 PM
3
osv
osv

[S-Preview2] connecting and disconnecting a keyboard with hwasan build of aosp master triggers a crash .

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for...

6.8CVSS

6.8AI Score

0.0004EPSS

2021-10-01 12:00 AM
12
cvelist
cvelist

CVE-2024-33002 Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS)

Document Service handler (obsolete) in Data Provisioning Service does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability with low impact on Confidentiality and Integrity of the...

6.1CVSS

6.2AI Score

0.0004EPSS

2024-05-14 03:49 AM
wpvulndb
wpvulndb

Customer Reviews for WooCommerce < 5.48.0 - Reflected Cross-Site Scripting via 's'

Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers.....

6.3AI Score

0.0004EPSS

2024-04-18 12:00 AM
6
osv
osv

CVE-2022-2986

Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF...

8.8CVSS

6.7AI Score

0.001EPSS

2022-10-06 06:16 PM
7
githubexploit
githubexploit

Exploit for OS Command Injection in Proscend M330-W Firmware

CVE-2022-36779 exploit code for Unauthenticated OS...

9.8CVSS

7.3AI Score

0.002EPSS

2024-06-03 10:25 PM
64
cvelist
cvelist

CVE-2024-32663 Suricata 's http2 parser contains an improper compressed header handling can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19....

7.5CVSS

7.7AI Score

0.0004EPSS

2024-05-07 02:48 PM
1
githubexploit
githubexploit

Exploit for Cross-site Scripting in Helpsystems Cobalt Strike

CVE-2022-39197 RCE POC Usage Prepare Payload...

6.1CVSS

-0.1AI Score

0.008EPSS

2022-10-14 11:46 AM
212
osv
osv

CVE-2023-5077

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault...

7.6CVSS

7.1AI Score

0.0005EPSS

2023-09-29 12:15 AM
6
ibm
ibm

Security Bulletin: IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135.

Summary IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to HTTP request...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-06-07 06:46 AM
githubexploit
githubexploit

Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor

CVE-2022-46463 (Harbor public镜像下载) Harbor是一款开源的镜像托管平台。...

7.5CVSS

7.6AI Score

0.055EPSS

2023-03-21 10:40 AM
281
osv
osv

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): ...

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
5
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2023-50312

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-50312.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-06-12 12:54 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775

Summary IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...

7.2AI Score

0.0004EPSS

2024-06-12 01:42 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID:...

5.9CVSS

7AI Score

0.0004EPSS

2024-06-12 01:40 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270). This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION:...

4.7CVSS

5.9AI Score

0.0004EPSS

2024-06-12 01:34 PM
2
ibm
ibm

Security Bulletin: Gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135 Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP...

7.5CVSS

5.3AI Score

0.0004EPSS

2024-06-03 12:13 PM
3
ibm
ibm

Security Bulletin: mio-0.8.10.crate, and mio-0.8.8.crate is vulnerable to CVE-2024-27308 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses mio-0.8.10.crate and mio-0.8.8.crate which is vulnerable to CVE-2024-27308 Vulnerability Details ** CVEID: CVE-2024-27308 DESCRIPTION: **Tokio Mio s vulnerable to a denial of service, caused by a use-after-free flaw due to tokens for.....

7.5CVSS

6.9AI Score

0.0004EPSS

2024-06-03 12:13 PM
4
ibm
ibm

Security Bulletin: IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775.

Summary IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service,...

7AI Score

0.0004EPSS

2024-06-07 06:47 AM
2
osv
osv

Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

5.3CVSS

5.7AI Score

0.0004EPSS

2024-06-14 02:00 PM
3
osv
osv

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-06-14 01:59 PM
1
githubexploit
githubexploit

Exploit for CVE-2024-2961

iconvfix Bash script to patch for...

7.2AI Score

2024-05-30 01:45 PM
47
ibm
ibm

Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171

Summary IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy Castle Crypto Package For Java could...

6.4AI Score

0.0004EPSS

2024-06-12 01:46 PM
2
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...

7CVSS

7.1AI Score

0.0004EPSS

2024-06-12 01:44 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable to CVE-2024-22353

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable toCVE-2024-22353.This bulletin contains information regarding the...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-12 01:38 PM
2
ibm
ibm

Security Bulletin: IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041.

Summary IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote attacker to.....

6.1CVSS

6.3AI Score

0.0004EPSS

2024-06-06 06:30 AM
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329

Summary IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability....

4.3CVSS

6.3AI Score

0.0004EPSS

2024-06-12 01:43 PM
2
Total number of security vulnerabilities368010