Filtered by vendor Sap
Subscribe
Total
1304 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6139 | 1 Sap | 1 Trex | 2016-11-28 | 7.6 HIGH | 9.8 CRITICAL |
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||||
CVE-2016-6140 | 1 Sap | 1 Trex | 2016-11-28 | 7.6 HIGH | 9.8 CRITICAL |
SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. | |||||
CVE-2016-4551 | 1 Sap | 3 Netweaver, Sap Aba, Sap Basis | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | |||||
CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | |||||
CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2016-11-28 | 4.6 MEDIUM | 7.8 HIGH |
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | |||||
CVE-2016-3635 | 1 Sap | 1 Netweaver | 2016-11-28 | 6.0 MEDIUM | 7.5 HIGH |
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | |||||
CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2016-11-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | |||||
CVE-2015-4157 | 1 Sap | 1 Content Server | 2016-11-28 | 5.0 MEDIUM | N/A |
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | |||||
CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2016-11-28 | 5.0 MEDIUM | N/A |
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | |||||
CVE-2015-4160 | 1 Sap | 1 Ase Database Platform | 2016-11-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | |||||
CVE-2003-0265 | 1 Sap | 1 Sap Db | 2016-10-17 | 6.2 MEDIUM | N/A |
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed. | |||||
CVE-2016-3638 | 1 Sap | 1 Sld Registration | 2016-10-14 | 2.1 LOW | 5.5 MEDIUM |
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623. | |||||
CVE-2016-7437 | 1 Sap | 1 Netweaver | 2016-10-13 | 2.1 LOW | 3.3 LOW |
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | |||||
CVE-2016-6142 | 1 Sap | 1 Hana | 2016-09-28 | 5.0 MEDIUM | 7.5 HIGH |
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | |||||
CVE-2016-6146 | 1 Sap | 1 Trex | 2016-09-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | |||||
CVE-2016-6137 | 1 Sap | 1 Trex | 2016-09-28 | 10.0 HIGH | 9.8 CRITICAL |
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591. | |||||
CVE-2016-3639 | 1 Sap | 1 Hana Db | 2016-09-28 | 5.0 MEDIUM | 4.3 MEDIUM |
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | |||||
CVE-2016-3640 | 1 Sap | 1 Hana Db | 2016-08-11 | 2.1 LOW | 5.5 MEDIUM |
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905. | |||||
CVE-2016-2536 | 2 Google, Sap | 2 Sketchup, 3d Visual Enterprise Viewer | 2016-05-19 | 6.8 MEDIUM | 8.8 HIGH |
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. | |||||
CVE-2015-7994 | 1 Sap | 1 Hana | 2015-11-12 | 7.5 HIGH | N/A |
The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. |