Feed aggregator

CVE-2019-0266

NVD Vulnerabilities - 2 hours 31 min ago
Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased.
Categories: NVD

CVE-2019-0267

NVD Vulnerabilities - 2 hours 31 min ago
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.
Categories: NVD

CVE-2019-0257

NVD Vulnerabilities - 2 hours 32 min ago
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Categories: NVD

CVE-2019-0258

NVD Vulnerabilities - 2 hours 32 min ago
SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Categories: NVD

CVE-2019-0259

NVD Vulnerabilities - 2 hours 32 min ago
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
Categories: NVD

CVE-2019-0261

NVD Vulnerabilities - 2 hours 32 min ago
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).
Categories: NVD

CVE-2019-0262

NVD Vulnerabilities - 2 hours 32 min ago
SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability.
Categories: NVD

CVE-2019-0265

NVD Vulnerabilities - 2 hours 32 min ago
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.
Categories: NVD

CVE-2019-0251

NVD Vulnerabilities - 2 hours 32 min ago
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Categories: NVD

CVE-2019-0254

NVD Vulnerabilities - 2 hours 32 min ago
SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Categories: NVD

CVE-2019-0255

NVD Vulnerabilities - 2 hours 32 min ago
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate the type of installation for an ABAP Server system correctly. That behavior may lead to a situation where a business user gains access to the full SAP Menu, that is, the 'Easy Access Menu'. Any user can misuse this situation to leverage privileges to business functionality.
Categories: NVD

CVE-2019-0256

NVD Vulnerabilities - 2 hours 32 min ago
Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted.
Categories: NVD

CVE-2019-6974 (linux_kernel)

NVD Vulnerabilities - 5 hours 32 min ago
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
Categories: NVD

CVE-2019-8347 (beescms)

NVD Vulnerabilities - 5 hours 32 min ago
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.
Categories: NVD

CVE-2019-8345 (es_file_explorer_file_manager)

NVD Vulnerabilities - 6 hours 32 min ago
The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL.
Categories: NVD

CVE-2019-8341

NVD Vulnerabilities - 13 hours 32 min ago
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.
Categories: NVD

CVE-2019-8343

NVD Vulnerabilities - 13 hours 32 min ago
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
Categories: NVD

CVE-2019-6589

NVD Vulnerabilities - Wed, 02/13/2019 - 19:29
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.
Categories: NVD

CVE-2018-6267

NVD Vulnerabilities - Wed, 02/13/2019 - 17:29
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947.
Categories: NVD

CVE-2018-6268

NVD Vulnerabilities - Wed, 02/13/2019 - 17:29
NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161.
Categories: NVD