The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2024-33001 - SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus d...
Published: June 10, 2024; 11:15:10 PM -0400
V3.1: 6.5 MEDIUM
-
CVE-2024-34690 - SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitiv...
Published: June 10, 2024; 11:15:11 PM -0400
V3.1: 5.4 MEDIUM
-
CVE-2024-34684 - On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrati...
Published: June 10, 2024; 11:15:10 PM -0400
V3.1: 6.0 MEDIUM
-
CVE-2024-32864 - Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)
Published: August 01, 2024; 5:15:27 PM -0400
V3.1: 8.1 HIGH
-
CVE-2024-32865 - Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
Published: August 01, 2024; 6:15:24 PM -0400
V3.1: 7.3 HIGH
-
CVE-2024-32758 - Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange
Published: August 01, 2024; 6:15:24 PM -0400
V3.1: 7.5 HIGH
-
CVE-2024-32862 - Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.
Published: August 01, 2024; 6:15:24 PM -0400
V3.1: 8.1 HIGH
-
CVE-2024-32931 - Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.
Published: August 01, 2024; 6:15:25 PM -0400
V3.1: 5.7 MEDIUM
-
CVE-2024-32863 - Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
Published: August 01, 2024; 5:15:26 PM -0400
V3.1: 8.8 HIGH
-
CVE-2024-37176 - SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact...
Published: June 10, 2024; 11:15:12 PM -0400
V3.1: 5.4 MEDIUM
-
CVE-2024-41948 - biscuit-java is the Java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdP...
Published: August 01, 2024; 6:15:28 PM -0400
V3.1: 5.0 MEDIUM
-
CVE-2024-41949 - biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdP...
Published: August 01, 2024; 6:15:28 PM -0400
V3.1: 6.4 MEDIUM
-
CVE-2024-27877 - The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory cont...
Published: July 29, 2024; 7:15:10 PM -0400
V3.1: 6.1 MEDIUM
-
CVE-2024-37334 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Published: July 09, 2024; 1:15:22 PM -0400
V3.1: 8.8 HIGH
-
CVE-2024-7446 - A vulnerability, which was classified as critical, was found in itsourcecode Ticket Reservation System 1.0. This affects an unknown part of the file list_tickets.php. The manipulation of the argument prefSeat_id leads to sql injection. It is possi...
Published: August 03, 2024; 5:15:39 PM -0400
V3.1: 7.2 HIGH
-
CVE-2024-7445 - A vulnerability, which was classified as critical, has been found in itsourcecode Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file checkout_ticket_save.php. The manipulation of the argument data leads...
Published: August 03, 2024; 4:15:39 PM -0400
V3.1: 7.2 HIGH
-
CVE-2024-7450 - A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resume_upload.php of the component Image Handler. The manipulation o...
Published: August 03, 2024; 11:15:38 PM -0400
-
CVE-2024-7451 - A vulnerability was found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file apply_now.php. The manipulation of the argument id leads to sql injection. The a...
Published: August 04, 2024; 12:17:03 AM -0400
V4.0: 8.7 HIGH
V3.1: 9.8 CRITICAL
-
CVE-2024-7452 - A vulnerability was found in itsourcecode Placement Management System 1.0. It has been classified as critical. This affects an unknown part of the file view_company.php. The manipulation of the argument id leads to sql injection. It is possible to...
Published: August 04, 2024; 12:17:04 AM -0400
V4.0: 8.7 HIGH
V3.1: 9.8 CRITICAL
-
CVE-2024-42152 - In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in ...
Published: July 30, 2024; 4:15:06 AM -0400
V3.1: 4.7 MEDIUM