Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-08 | CVE-2024-43697 | Unspecified vulnerability in Openatom Openharmony: OpenHarmony v4.1.0 and prior versions allow a local attacker to cause DoS through improper input. | 5.5 |
2024-10-08 | CVE-2024-45277 | Unspecified vulnerability in SAP Hana-Client: the SAP HANA Node.js client package, versions from 2.0.0 before 2.21.31, is impacted by a Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. | 4.3 |
2024-10-08 | CVE-2024-45278 | Cross-site Scripting vulnerability in SAP Commerce Backoffice 2205/2211: SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-10-08 | CVE-2024-45282 | Trusting HTTP Permission Methods on the Server Side vulnerability in SAP S/4 Hana: fields which are in 'read only' state in Bank Statement Draft in the Manage Bank Statements application could be modified by the MERGE method. | 5.3 |
2024-10-08 | CVE-2024-45382 | Out-of-bounds Write vulnerability in Openatom Openharmony: OpenHarmony v4.1.0 and prior versions allow a local attacker to cause DoS through an out-of-bounds write. | 5.5 |
2024-10-08 | CVE-2024-47594 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.50: SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability in the KMC servlet. | 5.4 |
2024-10-08 | CVE-2024-8925 | Unspecified vulnerability in PHP-Fpm: in PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. | 5.3 |
2024-10-08 | CVE-2024-8926 | OS Command Injection vulnerability in PHP-Fpm: in PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. | 8.8 |
2024-10-08 | CVE-2024-8927 | Unspecified vulnerability in PHP-Fpm: in PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, the HTTP_REDIRECT_STATUS variable is used to check whether or not the CGI binary is being run by the HTTP server. | 7.5 |
2024-10-08 | CVE-2024-9026 | Unspecified vulnerability in PHP-Fpm: in PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using the PHP-FPM SAPI and it is configured to catch workers' output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. | 3.3 |