| 1301 | 5.3 | MEDIUM | Network | sap | business_one | SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high imp… | CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) | CVE-2023-37487 | 2024-09-29 07:15 | 2023-08-8 |
| 1302 | 7.5 | HIGH | Network | sap | commerce_cloud, commerce_hycom | Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successf… | CWE-524 (Use of Cache Containing Sensitive Information) | CVE-2023-37486 | 2024-09-29 07:15 | 2023-08-8 |
| 1303 | 9.8 | CRITICAL | Network | sap | powerdesigner | SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | CWE-306 (Missing Authentication for Critical Function) | CVE-2023-37483 | 2024-09-29 07:15 | 2023-08-8 |
| 1304 | 5.3 | MEDIUM | Network | sap | enable_now | In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated … | CWE-213 | CVE-2023-36919 | 2024-09-29 07:15 | 2023-07-11 |
| 1305 | 7.4 | HIGH | Network | sap | netweaver_application_server_abap | SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.… | CWE-306 (Missing Authentication for Critical Function) | CVE-2023-35874 | 2024-09-29 07:15 | 2023-07-11 |
| 1306 | 7.3 | HIGH | Network | sap | s4core | When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leadi… | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2023-35870 | 2024-09-29 07:15 | 2023-07-11 |
| 1307 | 7.1 | HIGH | Local | sap | sql_anywhere | SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local sys… | CWE-277 (Insecure Inherited Permissions), CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2023-33990 | 2024-09-29 07:15 | 2023-07-11 |
| 1308 | 2.7 | LOW | Network | sap | netweaver | SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program… | - | CVE-2023-32114 | 2024-09-29 07:15 | 2023-06-13 |
| 1309 | 7.8 | HIGH | Local | ui | unifi_network_application | A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell acces… | CWE-77 (Command Injection) | CVE-2024-42025 | 2024-09-29 03:35 | 2024-09-14 |
| 1310 | 6.7 | MEDIUM | Local | google | android | In rpmb, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit… | CWE-415 (Double Free) | CVE-2023-32824 | 2024-09-29 03:35 | 2023-10-2 |