SapSql Anywhere

8 matches found

CVE
added 2022/11/08 12:0 a.m. | 69 views

CVE-2022-41259

CVE-2022-41259 affects SAP SQL Anywhere 17.0. An authenticated attacker can crash the server by sending queries that use the ARRAY constructor, resulting in a denial of service and availability impact. The CVSS base score is 6.5 (Medium); attack vector Network, low attack complexity, privileges r...

CVSS 6.5 | AI score 6.5 | EPSS 0.00716

CVE
added 2023/07/11 2:29 a.m. | 67 views

CVE-2023-33990

CVE-2023-33990 affects SAP SQL Anywhere 17.0 on Windows. A low-privilege local attacker can write to shared memory objects, potentially crashing the service (DoS) and, in some cases, modifying sensitive data in shared memory. No exploitation details are provided in the documents; exploitation sta...

CVSS 7.8 | AI score 7.2 | EPSS 0.0015

CVE
added 2019/10/08 7:29 p.m. | 65 views

CVE-2019-0381

CVE-2019-0381 describes a binary planting vulnerability in SAP SQL Anywhere (before 17.0), SAP IQ (before 16.1), and SAP Dynamic Tiering (before 1.0/2.0) that can cause inadvertent access to files outside the user-specified directories. The issue is triggered via local access and stems from how c...

CVSS 5.5 | AI score 5.9 | EPSS 0.00309

CVE
added 2022/04/12 4:11 p.m. | 63 views

CVE-2022-27670

SAP SQL Anywhere 17.0 is affected by a denial-of-service vulnerability (CVE-2022-27670). An authenticated attacker can crash the server with certain queries that use indirect identifiers, preventing legitimate users from accessing the database. Red Hat and CNVD entries confirm the same descriptio...

CVSS 6.5 | AI score 6.5 | EPSS 0.00914

CVE
added 2022/10/11 12:0 a.m. | 59 views

CVE-2022-35299

CVE-2022-35299 (SAP SQL Anywhere 17.0 and SAP IQ 16.1): The issue stems from logical errors in memory management that can cause memory corruption, including stack-based buffer overflows. Public advisories and third-party reports indicate this can enable remote code execution on affected installa...

CVSS 9.8 | AI score 9.6 | EPSS 0.01053

CVE
added 2014/12/11 3:0 p.m. | 58 views

CVE-2014-9264

SAP SQL Anywhere .NET Data Provider is affected by a stack-based buffer overflow when processing column aliases, allowing remote code execution. The issue arises from insufficient boundary checks in handling of column aliases (as detailed across ZDI advisories ZDI-14-412, ZDI-14-413, ZDI-14-414, ...

CVSS 7.5 | AI score 8.4 | EPSS 0.03938

CVE
added 2015/04/01 2:0 p.m. | 57 views

CVE-2015-2819

CVE-2015-2819 affects SAP Sybase SQL Anywhere 11 and 16. An anonymous, remotely exploitable DoS can be triggered by a crafted request, crashing the server. ERPScan’s advisory (ERPSCAN-15-010) and SAP Security Note 2108161 describe the vulnerability and remediation. A PoC is included in the adviso...

CVSS 5 | AI score 9 | EPSS 0.02444

CVE
added 2017/04/10 3:0 p.m. | 41 views

CVE-2016-10310

Summary: CVE-2016-10310 is a buffer overflow in the SAP SQL Anywhere MobiLink Synchronization Server component. The vulnerability affects SAP SQL Anywhere 17 and possibly earlier versions and can be triggered by specially crafted packets sent to the service, allowing remote authenticated users to...

CVSS 4.9 | AI score 5.4 | EPSS 0.02024