Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43214 | 1 Mycred | 1 Mycred | 2024-09-12 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in myCred.This issue affects myCred: from n/a through 2.7.2. | |||||
| CVE-2024-41730 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-09-12 | N/A | 9.8 CRITICAL |
| In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. | |||||
| CVE-2024-42376 | 1 Sap | 1 Shared Service Framework | 2024-09-12 | N/A | 6.5 MEDIUM |
| SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application. | |||||
| CVE-2024-42377 | 1 Sap | 1 Shared Service Framework | 2024-09-12 | N/A | 4.3 MEDIUM |
| SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application | |||||
| CVE-2024-39591 | 1 Sap | 1 Document Builder | 2024-09-12 | N/A | 4.3 MEDIUM |
| SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. | |||||
| CVE-2024-41734 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-12 | N/A | 4.3 MEDIUM |
| Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability. | |||||
| CVE-2024-42373 | 1 Sap | 1 Student Life Cycle Management | 2024-09-12 | N/A | 4.3 MEDIUM |
| SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application. | |||||
| CVE-2024-6332 | 1 Tmsproducts | 1 Amelia | 2024-09-12 | N/A | 6.5 MEDIUM |
| The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version. | |||||
| CVE-2024-8427 | 1 Wpshuffle | 1 Frontend Post Submission Manager | 2024-09-11 | N/A | 4.3 MEDIUM |
| The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and forms. | |||||
| CVE-2024-5309 | 1 Wpvibes | 1 Form Vibes | 2024-09-11 | N/A | 5.4 MEDIUM |
| The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12. | |||||
| CVE-2024-44408 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-09-10 | N/A | 7.5 HIGH |
| D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords. | |||||
| CVE-2024-44117 | 2024-09-10 | N/A | 5.4 MEDIUM | ||
| The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application. | |||||
| CVE-2024-44115 | 2024-09-10 | N/A | 4.3 MEDIUM | ||
| The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application | |||||
| CVE-2024-45285 | 2024-09-10 | N/A | 5.4 MEDIUM | ||
| The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application. | |||||
| CVE-2024-45286 | 2024-09-10 | N/A | 6.5 MEDIUM | ||
| Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability. | |||||
| CVE-2024-42371 | 2024-09-10 | N/A | 5.4 MEDIUM | ||
| The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application. | |||||
| CVE-2024-41729 | 2024-09-10 | N/A | 4.3 MEDIUM | ||
| Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application. | |||||
| CVE-2024-45284 | 2024-09-10 | N/A | 2.4 LOW | ||
| An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application. | |||||
| CVE-2024-42380 | 2024-09-10 | N/A | 4.3 MEDIUM | ||
| The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application. | |||||
| CVE-2024-44116 | 2024-09-10 | N/A | 4.3 MEDIUM | ||
| The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application. | |||||