921
|
7.3 |
HIGH
Network
sap
|
s4core
|
When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leadi…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2023-35870
|
2024-09-29 07:15 |
2023-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
922
|
7.1 |
HIGH
Local
|
sap
|
sql_anywhere
|
SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local sys…
|
CWE-277 CWE-732
Insecure Inherited Permissions Incorrect Permission Assignment for Critical Resource
|
CVE-2023-33990
|
2024-09-29 07:15 |
2023-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
923
|
2.7 |
LOW
Network
|
sap
|
netweaver
|
SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program…
|
-
|
CVE-2023-32114
|
2024-09-29 07:15 |
2023-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
924
|
7.8 |
HIGH
Local
|
ui
|
unifi_network_application
|
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell acces…
|
CWE-77
Command Injection
|
CVE-2024-42025
|
2024-09-29 03:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
925
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit…
|
CWE-415
Double Free
|
CVE-2023-32824
|
2024-09-29 03:35 |
2023-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
926
|
5.5 |
MEDIUM
Local
|
sqlite redhat fedoraproject
|
sqlite enterprise_linux extra_packages_for_enterprise_linux fedora
|
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malici…
|
CWE-416
Use After Free
|
CVE-2024-0232
|
2024-09-28 13:15 |
2024-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
927
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trig…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-7042
|
2024-09-28 13:15 |
2023-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
928
|
- |
|
-
|
-
|
A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.
|
CWE-415
Double Free
|
CVE-2024-2002
|
2024-09-28 12:15 |
2024-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
929
|
8.0 |
HIGH
Adjacent
|
tp-link
|
archer_c55_firmware archer_c50_v3_firmware
|
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C5…
|
CWE-78
OS Command
|
CVE-2023-31188
|
2024-09-28 06:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
930
|
8.0 |
HIGH
Network
|
apache
|
airflow
|
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the …
|
CWE-384
Session Fixation
|
CVE-2023-40273
|
2024-09-28 06:35 |
2023-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|