1511 | 9.8 | CRITICAL Network | sap | powerdesigner | SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | CWE-306 Missing Authentication for Critical Function | CVE-2023-37483 | 2024-09-29 07:15 | 2023-08-8
1512 | 5.3 | MEDIUM Network | sap | enable_now | In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated … | CWE-213 | CVE-2023-36919 | 2024-09-29 07:15 | 2023-07-11
1513 | 7.4 | HIGH Network | sap | netweaver_application_server_abap | SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.… | CWE-306 Missing Authentication for Critical Function | CVE-2023-35874 | 2024-09-29 07:15 | 2023-07-11
1514 | 7.3 | HIGH Network | sap | s4core | When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leadi… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-35870 | 2024-09-29 07:15 | 2023-07-11
1515 | 7.1 | HIGH Local | sap | sql_anywhere | SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local sys… | CWE-277 Insecure Inherited Permissions; CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-33990 | 2024-09-29 07:15 | 2023-07-11
1516 | 2.7 | LOW Network | sap | netweaver | SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program… | - | CVE-2023-32114 | 2024-09-29 07:15 | 2023-06-13
1517 | 7.8 | HIGH Local | ui | unifi_network_application | A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell acces… | CWE-77 Command Injection | CVE-2024-42025 | 2024-09-29 03:35 | 2024-09-14
1518 | 6.7 | MEDIUM Local | google | android | In rpmb, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit… | CWE-415 Double Free | CVE-2023-32824 | 2024-09-29 03:35 | 2023-10-2
1519 | 5.5 | MEDIUM Local | sqlite, redhat, fedoraproject | sqlite, enterprise_linux, extra_packages_for_enterprise_linux, fedora | A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malici… | CWE-416 Use After Free | CVE-2024-0232 | 2024-09-28 13:15 | 2024-01-16
1520 | 5.5 | MEDIUM Local | linux | linux_kernel | A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trig… | CWE-476 NULL Pointer Dereference | CVE-2023-7042 | 2024-09-28 13:15 | 2023-12-22