Svi - CERT CVE

ID CVSS Sažetak Zadnje ažurirano Objavljeno
CVE-2025-43778 - A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024. 2025-09-09 02:15:42
CVE-2025-42958 9.1 Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functio 2025-09-09 02:15:42
CVE-2025-42944 10.0 Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to 2025-09-09 02:15:42
CVE-2025-42938 6.1 Due to a Cross-Site Scripting (XSS) vulnerability in the SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is pro 2025-09-09 02:15:41
CVE-2025-42933 8.8 When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the co 2025-09-09 02:15:41
CVE-2025-42930 6.5 SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impac 2025-09-09 02:15:41
CVE-2025-42929 8.1 Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and ava 2025-09-09 02:15:41
CVE-2025-42927 3.4 SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and 2025-09-09 02:15:41
CVE-2025-42926 5.3 SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthenticated attacker could access these files to gathe 2025-09-09 02:15:41
CVE-2025-42925 4.3 Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of severa 2025-09-09 02:15:40
ID CVSS Sažetak Zadnje ažurirano Objavljeno
CVE-2018-4451 9.3 This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation. 2020-10-30 02:01:00
CVE-2019-8712 10.0 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. 2021-07-21 11:39:00
CVE-2019-8709 9.3 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be abl 2021-07-21 11:39:00
CVE-2019-8824 9.3 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges 2021-07-21 11:39:00
CVE-2018-4452 9.3 A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Se 2020-10-30 02:00:00
CVE-2019-8716 10.0 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. 2021-07-21 11:39:00
CVE-2019-8836 9.3 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. 2021-07-21 11:39:00
CVE-2019-8740 9.3 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. 2021-07-21 11:39:00
CVE-2020-27976 10.0 osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. 2020-10-29 23:35:00
CVE-2019-8539 9.3 A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary co 2020-10-30 15:13:00
Stranica
/30773
Zapisa po stranici: