Export limit exceeded: 344083 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344083 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42468 | 1 Openhab | 2 Openhab, Openhab Webui | 2024-09-12 | 5.3 Medium |
| openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch. | ||||
| CVE-2024-8707 | 1 Yunknet | 1 Yunke Online School System | 2024-09-12 | 4.3 Medium |
| A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-4556 | 2 Microfocus, Netiq | 2 Netiq Access Manager, Access Manager | 2024-09-12 | 5.7 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. | ||||
| CVE-2024-41173 | 1 Beckhoff | 2 Ipc Diagnostics Package, Twincat\/bsd | 2024-09-12 | 7.8 High |
| The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. | ||||
| CVE-2024-33005 | 1 Sap | 4 Content Server, Netweaver Abap, Netweaver Java and 1 more | 2024-09-12 | 6.3 Medium |
| Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications. | ||||
| CVE-2024-43040 | 1 Renwoxing | 1 Intelligent Management System | 2024-09-12 | 9.1 Critical |
| Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo. | ||||
| CVE-2024-41175 | 1 Beckhoff | 2 Ipc Diagnostics Package, Twincat\/bsd | 2024-09-12 | 5.5 Medium |
| The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. | ||||
| CVE-2024-41730 | 2 Sap, Sap Se | 2 Business Objects Business Intelligence Platform, Sap Business Objects Business Intgelligence Platform | 2024-09-12 | 9.8 Critical |
| In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. | ||||
| CVE-2024-41733 | 1 Sap | 3 Commerce, Commerce Cloud, Commerce Hycom | 2024-09-12 | 5.3 Medium |
| In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability | ||||
| CVE-2024-41735 | 1 Sap | 1 Commerce Backoffice | 2024-09-12 | 5.4 Medium |
| SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. | ||||
| CVE-2024-8155 | 1 Continew | 1 Admin | 2024-09-12 | 4.7 Medium |
| A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-41736 | 1 Sap | 1 Permit To Work | 2024-09-12 | 4.3 Medium |
| Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. | ||||
| CVE-2024-41737 | 1 Sap | 1 Crm Abap Insights Management | 2024-09-12 | 5 Medium |
| SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. | ||||
| CVE-2024-8655 | 1 Mercurycom | 1 Mnvr816 Firmware | 2024-09-12 | 5.3 Medium |
| A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42376 | 1 Sap | 1 Shared Service Framework | 2024-09-12 | 6.5 Medium |
| SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application. | ||||
| CVE-2024-42377 | 1 Sap | 1 Shared Service Framework | 2024-09-12 | 4.3 Medium |
| SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application | ||||
| CVE-2024-8232 | 1 Spidercontrol | 1 Scada Webserver | 2024-09-12 | 7.5 High |
| SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. | ||||
| CVE-2024-39591 | 1 Sap | 1 Document Builder | 2024-09-12 | 4.3 Medium |
| SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. | ||||
| CVE-2024-41734 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-12 | 4.3 Medium |
| Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability. | ||||
| CVE-2024-42373 | 1 Sap | 1 Student Life Cycle Management | 2024-09-12 | 4.3 Medium |
| SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application. | ||||