CVE-2022-41259
CVE-2022-41259 affects SAP SQL Anywhere 17.0. An authenticated attacker can crash the server by sending queries that use the ARRAY constructor, resulting in a denial of service and availability impact. The CVSS base score is 6.5 (Medium); attack vector Network, low attack complexity, privileges r...
CVE-2023-33990
CVE-2023-33990 affects SAP SQL Anywhere 17.0 on Windows. A low-privilege local attacker can write to shared memory objects, potentially crashing the service (DoS) and, in some cases, modifying sensitive data in shared memory. No exploitation details are provided in the documents; exploitation sta...
CVE-2019-0381
CVE-2019-0381 describes a binary planting vulnerability in SAP SQL Anywhere (before 17.0), SAP IQ (before 16.1), and SAP Dynamic Tiering (before 1.0/2.0) that can cause inadvertent access to files outside the user-specified directories. The issue is triggered via local access and stems from how c...
CVE-2022-27670
SAP SQL Anywhere 17.0 is affected by a denial-of-service vulnerability (CVE-2022-27670). An authenticated attacker can crash the server with certain queries that use indirect identifiers, preventing legitimate users from accessing the database. Red Hat and CNVD entries confirm the same descriptio...
CVE-2022-35299
CVE-2022-35299 — SAP SQL Anywhere 17.0 and SAP IQ 16.1: The issue stems from logical errors in memory management that can cause memory corruption, including stack-based buffer overflows. Public advisories and third-party reports indicate this can enable remote code execution on affected installa...
CVE-2014-9264
SAP SQL Anywhere .NET Data Provider is affected by a stack-based buffer overflow when processing column aliases, allowing remote code execution. The issue arises from insufficient boundary checks in handling of column aliases (as detailed across ZDI advisories ZDI-14-412, ZDI-14-413, ZDI-14-414, ...
CVE-2015-2819
CVE-2015-2819 affects SAP Sybase SQL Anywhere 11 and 16. An anonymous, remotely exploitable DoS can be triggered by a crafted request, crashing the server. ERPScan’s advisory (ERPSCAN-15-010) and SAP Security Note 2108161 describe the vulnerability and remediation. A PoC is included in the adviso...
CVE-2016-10310
Summary: CVE-2016-10310 is a buffer overflow in the SAP SQL Anywhere MobiLink Synchronization Server component. The vulnerability affects SAP SQL Anywhere 17 and possibly earlier versions and can be triggered by specially crafted packets sent to the service, allowing remote authenticated users to...