Search Results (1699 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9594 1 Sap 1 Sap Kernel 2025-04-12 N/A
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
CVE-2014-8659 1 Sap 1 Environment Health And Safety 2025-04-12 N/A
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-8311 1 Sap 1 Businessobjects 2025-04-12 N/A
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
CVE-2015-8029 1 Sap 1 3d Visual Enterprise Viewer 2025-04-12 N/A
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.
CVE-2014-5506 1 Sap 1 Crystal Reports 2025-04-12 N/A
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
CVE-2015-7730 1 Sap 3 Businessobjects, Businessobjects Edge, Businessobjects Xi 2025-04-12 N/A
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
CVE-2014-9595 1 Sap 1 Sap Kernel 2025-04-12 N/A
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
CVE-2016-2389 1 Sap 1 Netweaver 2025-04-12 N/A
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
CVE-2014-3131 1 Sap 1 Profile Maintenance 2025-04-12 N/A
SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.
CVE-2014-5173 1 Sap 1 Hana Extended Application Services 2025-04-12 N/A
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.
CVE-2014-5175 1 Sap 1 Solution Manager 2025-04-12 N/A
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
CVE-2014-4012 1 Sap 1 Open Hub Service 2025-04-12 N/A
SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4011 1 Sap 1 Capacity Leveling 2025-04-12 N/A
SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-9569 1 Sap 1 Netweaver Business Client For Html 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.
CVE-2014-2751 1 Sap 1 Print And Output Management 2025-04-12 N/A
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-2749 1 Sap 1 Hana 2025-04-12 N/A
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
CVE-2014-8660 1 Sap 1 Document Management Services 2025-04-12 N/A
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
CVE-2016-6148 1 Sap 1 Hana 2025-04-12 N/A
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.
CVE-2016-4018 1 Sap 1 Hana 2025-04-12 N/A
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.
CVE-2016-4016 1 Sap 1 Java As 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295.