| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 312111 | 4.9 | MEDIUM | Network | continew | admin | A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file… | CWE-89 SQL Injection | CVE-2024-8155 | 2024-09-12 22:53 | 2024-08-26 |
| 312112 | 5.4 | MEDIUM | Network | sap | commerce_backoffice | SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the applicati… | CWE-79 Cross-site Scripting | CVE-2024-41735 | 2024-09-12 22:53 | 2024-08-13 |
| 312113 | 4.3 | MEDIUM | Network | sap | permit_to_work | Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. | NVD-CWE-noinfo | CVE-2024-41736 | 2024-09-12 22:51 | 2024-08-13 |
| 312114 | 5.0 | MEDIUM | Network | sap | crm_abap_insights_management | SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-41737 | 2024-09-12 22:49 | 2024-08-13 |
| 312115 | 4.3 | MEDIUM | Network | sap | business_objects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitatio… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-42375 | 2024-09-12 22:46 | 2024-08-13 |
| 312116 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2022-48905 | 2024-09-12 22:44 | 2024-08-22 |
| 312117 | 6.5 | MEDIUM | Network | sap | shared_service_framework | SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high … | CWE-862 Missing Authorization | CVE-2024-42376 | 2024-09-12 22:43 | 2024-08-13 |
| 312118 | 4.3 | MEDIUM | Network | sap | shared_service_framework | SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low i… | CWE-862 Missing Authorization | CVE-2024-42377 | 2024-09-12 22:42 | 2024-08-13 |
| 312119 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATA_FIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large… | NVD-CWE-noinfo | CVE-2022-48906 | 2024-09-12 22:41 | 2024-08-22 |
| 312120 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() During driver initialization, the pointer of card info, i.e. the… | CWE-476 NULL Pointer Dereference | CVE-2022-48908 | 2024-09-12 22:37 | 2024-08-22 |