3094 matches found
Buffer overflow
Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778...
Stack overflow
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238...
CVE-2016-10310
Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778...
CVE-2016-10311
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238...
Design/Logic Flaw
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...
CVE-2016-10304
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...
DEBIAN-CVE-2017-0553
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform...
trytond-account (>=4.0.2 <=4.2.11), trytond-account-asset (>=4.0.2 <=4.2.3) +99 more potentially affected by CVE-2017-0360 via trytond (>=4.0.20 <=4.2.22)
trytond PYPI version =4.0.20, =4.0.2, =4.0.2, =4.0.2, =4.0.2, =4.0.2, =4.2.0, =4.2.1 and more Source cves: CVE-2017-0360 Source advisory: OSV:PYSEC-2017-97...
CVE-2017-7305
Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contain...
Design/Logic Flaw
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616...
CVE-2017-6950
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616...
CVE-2017-6950
CVE-2017-6950 affects SAP GUI for Windows 7.2–7.5. The vulnerability allows remote code execution on the client by presenting crafted ABAP code, bypassing intended security policy restrictions (SAP Security Note 2407616). Exploitation would occur on vulnerable SAP GUI endpoints, enabling an attac...
CVE-2016-9557
Integer overflow in jasimage.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file...
SAP NetWeaver UMEADMIN 7.50 Directory Creation
Application: SAP NetWeaver; Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component; Vendor URL: http://SAP.com; Bugs: Directory traversal; Reported: 04.12.2015; Vendor response: 05.12.2015; Date of Public Advisory: 13.12.2016; Reference: SAP Security Note 2310790; Author: Mathieu Geli ERPScan...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Securit...
CVE-2017-6061
The CVE covers a Cross-Site Scripting (XSS) vulnerability in the SAP BusinessObjects Financial Consolidation 10.0.0.1933 product, exposed through the help component. Specifically, an attacker can trigger XSS by crafting a GET request to the help UI, notably /finance/help/en/frameset.htm, potentia...
SAP POS Missing Authentication in XpressServer
Application: SAP POS Xpress Server; Vendor URL: SAP; Bugs: Missing Authentication; Reported: 03.04.2017; Vendor response: 04.04.2017; Date of Public Advisory: 11.07.2017; Reference: SAP Security Note 2520064; Author: Dmitry Chastuhin ERPScan; VULNERABILITY INFORMATION; Class: Missing Authentication Check...
CVE-2017-5501
Integer overflow in libjasper/jpc/jpctsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file...