
NOTICE UPDATED - May, 29th 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-33001 - SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus d...
    Published: June 10, 2024; 11:15:10 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-34690 - SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitiv...
    Published: June 10, 2024; 11:15:11 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-34684 - On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrati...
    Published: June 10, 2024; 11:15:10 PM -0400

    V3.1: 6.0 MEDIUM

  • CVE-2024-32864 - Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)
    Published: August 01, 2024; 5:15:27 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-32865 - Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
    Published: August 01, 2024; 6:15:24 PM -0400

    V3.1: 7.3 HIGH

  • CVE-2024-32758 - Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange
    Published: August 01, 2024; 6:15:24 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-32862 - Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.
    Published: August 01, 2024; 6:15:24 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-32931 - Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.
    Published: August 01, 2024; 6:15:25 PM -0400

    V3.1: 5.7 MEDIUM

  • CVE-2024-32863 - Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
    Published: August 01, 2024; 5:15:26 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-37176 - SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact...
    Published: June 10, 2024; 11:15:12 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-41948 - biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdP...
    Published: August 01, 2024; 6:15:28 PM -0400

    V3.1: 5.0 MEDIUM

  • CVE-2024-41949 - biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdP...
    Published: August 01, 2024; 6:15:28 PM -0400

    V3.1: 6.4 MEDIUM

  • CVE-2024-27877 - The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory cont...
    Published: July 29, 2024; 7:15:10 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-37334 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
    Published: July 09, 2024; 1:15:22 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-7446 - A vulnerability, which was classified as critical, was found in itsourcecode Ticket Reservation System 1.0. This affects an unknown part of the file list_tickets.php. The manipulation of the argument prefSeat_id leads to sql injection. It is possi...
    Published: August 03, 2024; 5:15:39 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2024-7445 - A vulnerability, which was classified as critical, has been found in itsourcecode Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file checkout_ticket_save.php. The manipulation of the argument data leads...
    Published: August 03, 2024; 4:15:39 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2024-7450 - A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resume_upload.php of the component Image Handler. The manipulation o...
    Published: August 03, 2024; 11:15:38 PM -0400

    V4.0: 8.7 HIGH
    V3.1: 8.8 HIGH

  • CVE-2024-7451 - A vulnerability was found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file apply_now.php. The manipulation of the argument id leads to sql injection. The a...
    Published: August 04, 2024; 12:17:03 AM -0400

    V4.0: 8.7 HIGH
    V3.1: 9.8 CRITICAL

  • CVE-2024-7452 - A vulnerability was found in itsourcecode Placement Management System 1.0. It has been classified as critical. This affects an unknown part of the file view_company.php. The manipulation of the argument id leads to sql injection. It is possible to...
    Published: August 04, 2024; 12:17:04 AM -0400

    V4.0: 8.7 HIGH
    V3.1: 9.8 CRITICAL

  • CVE-2024-42152 - In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in ...
    Published: July 30, 2024; 4:15:06 AM -0400

    V3.1: 4.7 MEDIUM

Created September 20, 2022, Updated ...