CVE-2016-6818

SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service data deletion, or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor...

CVE-2016-6818

SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service data deletion, or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor...

CVE-2016-6818

SAP Business Intelligence platform before January 2017 is vulnerable to SQL injection via crafted SQL queries, allowing remote attackers to obtain sensitive information, modify data, cause a DoS by data deletion, or launch administrative operations and potentially OS commands. Root cause: insuffi...

CVE-2016-4030

Samsung SM-G920F build G920FXXU2COH2 Galaxy S6, SM-N9005 build N9005XXUGBOK6 Galaxy Note 3, GT-I9192 build I9192XXUBNB1 Galaxy S4 mini, GT-I9195 build I9195XXUCOL1 Galaxy S4 mini LTE, and GT-I9505 build I9505XXUHOJ2 Galaxy S4 devices have unintended availability of the modem in USB configuration...

CVE-2016-2036

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 Note 3 and SM-G920F build G920FXXU2COH2 Galaxy S6 devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036...

Null pointer dereference

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 Note 3 and SM-G920F build G920FXXU2COH2 Galaxy S6 devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036...

Design/Logic Flaw

secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 Note 3 and SM-G920F build G920FXXU2COH2 Galaxy S6 devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the...

CVE-2016-4030

Technical details for CVE-2016-4030 are not publicly provided in the supplied documents. The Connected documents do not contain product/version/root-cause/impact/remediation for this CVE. Monitor for updates from official advisories and vendor advisories.

CVE-2016-6143

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806...

CVE-2016-6143

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806...

Code injection

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806...

CVE-2016-6143

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806...

CVE-2016-6143

CVE-2016-6143 impact: SAP HANA DB 1.00.73.00.389160 is vulnerable to remote code execution via vectors involving the audit logs (SAP Security Note 2170806). Multiple connected sources confirm this entry and describe an arbitrary code execution possibility. CVSS data indicates high to critical sev...

ALPINE-CVE-2017-7705

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset...

Microsoft Releases April 2017 Security Updates

Microsoft has released 61 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread...

Code injection

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator BWA. The vendor response is SAP Security Note 2419592...

CVE-2017-7691

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator BWA. The vendor response is SAP Security Note 2419592...

CVE-2017-7691

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator BWA. The vendor response is SAP Security Note 2419592...

CVE-2017-7691

The CVE-2017-7691 entry concerns a code-injection/remote code execution vulnerability in SAP TREX and the Business Warehouse Accelerator (BWA). The root cause described across sources is an insecure protocol/engine interaction within TREX that could be exploited to inject and execute code on the ...

elfintils 'ebl_object_note_type_name' function denial of service vulnerability

elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A denial of service vulnerability exists in the 'eblobjectnotetypename' function of the eblobjnotetypename.c file in elfutils version 0.168. A remote attacker can exploit this vulnerability to...