Lucene search
+L
SapRfc Library

8 matches found

cve
cve
added 2007/04/10 11:0 p.m.58 views

CVE-2007-1913

The CVE-2007-1913 entry pertains to SAP RFC Library 6.40 and 7.00 before 20061211. It describes an information-disclosure vulnerability in the TRUSTED_SYSTEM_SECURITY function that could allow remote attackers to verify the existence of users and groups on systems and domains via unspecified vect...

5CVSS6.2AI score0.02224EPSS
cve
cve
added 2007/04/10 11:0 p.m.58 views

CVE-2007-1914

SAP RFC Library 6.40 and 7.00 prior to 20061211 contains a vulnerability in the RFC_START_PROGRAM function that allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors. This is a separate issue from CVE-2006-6010. Affected versions ...

7.8CVSS6AI score0.01745EPSS
cve
cve
added 2007/04/10 11:0 p.m.58 views

CVE-2007-1916

CVE-2007-1916: SAP RFC Library (versions 6.40 and 7.00 prior to 20061211) contains a buffer overflow in the RFC_START_GUI function. This allows remote code execution via unspecified vectors; exact exploit details and affected inputs are not disclosed in the provided documents. The issue is docume...

10CVSS7.7AI score0.06661EPSS
cve
cve
added 2007/04/10 11:0 p.m.58 views

CVE-2007-1918

The CVE-2007-1918 issue affects SAP RFC Library 6.40 and 7.00 prior to 20070109, where the RFC_SET_REG_SERVER_PROPERTY function provides an option for exclusive access to an RFC server. This design allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. The ...

5CVSS6.6AI score0.02548EPSS
cve
cve
added 2015/06/02 2:0 p.m.58 views

CVE-2015-2282

CVE-2015-2282 is a stack-based buffer overflow in SAP’s LZC/LZH decompression code used across SAP MaxDB 7.5/7.6, NetWeaver AS ABAP/Java, RFC/GUI SDKs, SAPCAR, and related tools. The flaw (CsObjectInt::CsDecomprLZC and related LZH handling) can cause denial of service (crash) and may allow arbitr...

7.5CVSS8.5AI score0.03518EPSS
cve
cve
added 2015/06/02 2:0 p.m.56 views

CVE-2015-2278

CVE-2015-2278 and CVE-2015-2282 affect SAP products via the LZH/LZC decompression paths. The root causes are in the LZH BuildHufTree function (vpa108csulzh.cpp) and the LZC decompression logic (vpa106cslzc.cpp), where attacker-controlled indices can trigger out-of-bounds reads/writes. Affected so...

5CVSS6.7AI score0.02131EPSS
cve
cve
added 2007/04/10 11:0 p.m.54 views

CVE-2007-1917

The CVE-2007-1917 entry concerns the SAP RFC Library (versions 6.40 and 7.00 prior to 20061211). The documented vulnerability is a buffer overflow in the SYSTEM_CREATE_INSTANCE function, which could allow remote attackers to execute arbitrary code via unspecified vectors. In the provided connecte...

10CVSS7.7AI score0.06661EPSS
cve
cve
added 2007/04/10 11:0 p.m.48 views

CVE-2007-1915

CVE-2007-1915 concerns a buffer overflow in SAP RFC Library (versions 6.40 and 7.00 prior to 20061211) within the RFC_START_PROGRAM function. Reported as allowing remote attackers to execute arbitrary code via unspecified vectors. The description notes this information stems from a vague initial ...

7.5CVSS7.7AI score0.04374EPSS