768 matches found
SAP Adaptive Server Enterprise 16 Denial Of Service
Application: SAP Adaptive Server Enterprise; Versions Affected: SAP Adaptive Server Enterprise 16; Vendor URL: http://SAP.com; Bugs: Denial of Service; Sent: 01.02.2016; Reported: 02.02.2016; Vendor response: 02.02.2016; Date of Public Advisory: 12.07.2016; Reference: SAP Security Note 2330839; Author:...
CVE-2016-7437
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...
CVE-2016-4407
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...
CVE-2016-3946
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461...
CVE-2016-3638
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623...
Memory corruption
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623...
Code injection
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...
Code injection
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...
Code injection
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461...
CVE-2016-3635
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP...
CVE-2016-3638
SAP SLD Registration Program (SLDREG) is the affected component. The issue enables a local attacker to cause a denial of service via a crafted HOST parameter, due to memory corruption and process termination. The root cause is the handling of the HOST parameter within SLDREG. The impact is a loca...
CVE-2016-7437
SAP NetWeaver 7.40 is affected by an issue where the SAP Security Audit Log misclassifies (1) DUI and (2) DUJ events as non-critical, potentially enabling local users to obscure rejected RFC function callback attempts by filtering non-critical events in audit reports. This is linked to SAP Securi...
CVE-2016-3635
CVE-2016-3635 affects SAP NetWeaver 7.4. Remote authenticated users can bypass the Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by using a connection created from an earlier execution of an anonymous RFM included in a Communication Assembly (...
CVE-2016-3946
SAP Console (aka SAPConsole) 7.30 is affected by an information disclosure vulnerability where local users can read the Windows registry to obtain SAP Server login credentials. Root cause: insecure handling/storage of credentials in the Windows registry as described in SAP Security Note 2121461. ...
CVE-2016-7435
The (1) SCTCREFRESHEXPORTTABCOMP, (2) SCTCREFRESHCHECKENV, and (3) SCTCTMSMAINTAINALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security...
Code injection
The (1) SAPBASIS and (2) SAPABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621...