1581
|
7.5 |
HIGH
Network
sap
|
netweaver_application_server_abap web_dispatcher content_server hana_database host_agent extended_application_services_and_runtime sapssoext commoncryptolib netweaver_applicat…
|
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-40308
|
2024-09-27 04:15 |
2023-09-12 |
|
1582
|
5.3 |
MEDIUM
Network
sap
|
powerdesigner
|
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2023-37484
|
2024-09-27 04:15 |
2023-08-8 |
|
1583
|
5.3 |
MEDIUM
Network
sap
|
host_agent
|
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-36926
|
2024-09-27 04:15 |
2023-08-8 |
|
1584
|
6.5 |
MEDIUM
Network
|
hashicorp
|
consul
|
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service…
|
NVD-CWE-noinfo
|
CVE-2023-2816
|
2024-09-27 04:15 |
2023-06-3 |
|
1585
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45605
|
2024-09-27 04:14 |
2024-09-18 |
|
1586
|
9.8 |
CRITICAL
Network
apexsoftcell
|
ld_geo ld_dp_back_office
|
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability b…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-47088
|
2024-09-27 04:12 |
2024-09-19 |
|
1587
|
6.5 |
MEDIUM
Network
|
apexsoftcell
|
ld_geo ld_dp_back_office
|
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by …
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-47089
|
2024-09-27 04:09 |
2024-09-19 |
|
1588
|
5.3 |
MEDIUM
Network
circutor
|
q-smt_firmware
|
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is presen…
|
NVD-CWE-noinfo
|
CVE-2024-8891
|
2024-09-27 03:50 |
2024-09-18 |
|
1589
|
7.5 |
HIGH
Network
coredns.io
|
coredns
|
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal r…
|
NVD-CWE-noinfo
|
CVE-2023-28452
|
2024-09-27 03:37 |
2024-09-19 |
|
1590
|
7.5 |
HIGH
Network
jeecg
|
jeecg_boot
|
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
|
NVD-CWE-noinfo
|
CVE-2023-41578
|
2024-09-27 03:35 |
2023-09-9 |
|