CVE-2026-8914

CVE-2026-8914 affects Teltonika Networks RUTOS devices (versions 7.22–7.23.2) and TSWOS devices (1.09–1.09.1). The root cause is unsafe calls to an eval function in rpc-profile, allowing a lower-privileged user to perform command injection as root. CVSS details in the provided data indicate local...

EUVD-2009-0368

Malware in sbrugna...

CVE-2022-26100

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system...

CVE-2023-4472 Cryptographically weak PRNG in Opinio 7.22

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator PRNG coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application...

CVE-2024-22124

Under certain conditions, Internet Communication Manager ICM or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, WEBDISP 7.22EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access...

Design/Logic Flaw

Under certain conditions, Internet Communication Manager ICM or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, WEBDISP 7.22EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access...

CVE-2024-22124

CVE-2024-22124 affects SAP NetWeaver Internet Communication Manager and SAP Web Dispatcher—specifically listed kernel and related components (KERNEL 7.22/7.53/7.54; KRNL64UC 7.22/7.53; KRNL64NUC 7.22/7.22_EXT; WEBDISP 7.22_EXT/7.53/7.54). The vulnerability enables an attacker to access informatio...

CVE-2023-41366 Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT,...

CVE-2023-36926

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no...

CVE-2023-37491

CVE-2023-37491 concerns an ACL bypass in the SAP Message Server. Affected: SAP Message Server components/versions including KERNEL 7.22, 7.53, 7.54, 7.77 and related RNL64UC/KRNL64NUC variants. Root cause: ACL implementation can be bypassed under certain conditions, enabling an authenticated mali...

PT-2023-4215 · Sap · Sap Host Agent

Name of the Vulnerable Software and Affected Versions: SAP Host Agent version 7.22 Description: The issue is related to a missing authentication check in the SAP Host Agent, allowing an unauthenticated attacker to set an undocumented parameter to a particular compatibility value. This enables the...

CVE-2023-35874 Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, perfor...

PT-2023-4246 · Sap · Sap Message Server

Name of the Vulnerable Software and Affected Versions: SAP Message Server versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT Description: The issue is related to the Access Control List ACL of the SAP Message...

Memory corruption

SAP Host Agent SAPOSCOL - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about...

CVE-2023-24523

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent Start Service - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS...

SAP Host Agent Access Control Error Vulnerability

SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...

PT-2023-15947 · Sap · Sap Host Agent

Name of the Vulnerable Software and Affected Versions: SAP Host Agent Windows versions 7.21, 7.22 Description: An attacker who gains local membership to SAP LocalAdmin could replace executables with a malicious file that will be started under a privileged account. This can only occur if the syste...

SAP Host Agent 访问控制错误漏洞

SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...

CVE-2022-35295

In SAP Host Agent SAPOSCOL - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves...

CVE-2022-35295

In SAP Host Agent SAPOSCOL - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves...