Filtered by vendor Sap
Total: 1304 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41166 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 5.5 MEDIUM |
Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-41167 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-39806 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-39804 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-39805 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-41168 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-41173 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 5.5 MEDIUM |
Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-41171 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 5.5 MEDIUM |
Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-41170 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-41172 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-41175 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-41169 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 5.5 MEDIUM |
Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-41174 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 5.5 MEDIUM |
Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-41177 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-41176 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 5.5 MEDIUM |
Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-39803 | 1 Sap | 1 3d Visual Enterprise Author | 2022-10-12 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-35299 | 1 Sap | 2 Sap Iq, Sql Anywhere | 2022-10-12 | N/A | 9.8 CRITICAL |
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | |||||
CVE-2022-35296 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-10-12 | N/A | 4.9 MEDIUM |
Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. | |||||
CVE-2022-35226 | 1 Sap | 1 Data Services | 2022-10-12 | N/A | 6.1 MEDIUM |
SAP Data Services Management allows an attacker to copy the data from a request and have it echoed into the application's immediate response, which leads to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such an attack; only a few of the pages in the DS management console are vulnerable. | |||||
CVE-2022-35297 | 1 Sap | 1 Enable Now | 2022-10-12 | N/A | 5.4 MEDIUM |
The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. |