Filtered by vendor Sap
Subscriptions
Total
1497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2024-11-21 | N/A |
| Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2014-8592 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
| Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | ||||
| CVE-2014-8591 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
| Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | ||||
| CVE-2014-8590 | 1 Sap | 1 Netweaver Java Application Server | 2024-11-21 | N/A |
| XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | ||||
| CVE-2014-8589 | 1 Sap | 1 Network Interface Router | 2024-11-21 | N/A |
| Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | ||||
| CVE-2014-8588 | 1 Sap | 1 Hana | 2024-11-21 | N/A |
| SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2024-11-21 | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | ||||
| CVE-2014-8316 | 1 Sap | 1 Businessobjects Explorer | 2024-11-21 | N/A |
| XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. | ||||
| CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2024-11-21 | N/A |
| polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | ||||
| CVE-2014-8314 | 1 Sap | 1 Hana | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. | ||||
| CVE-2014-8313 | 1 Sap | 1 Hana | 2024-11-21 | N/A |
| Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | ||||
| CVE-2014-8312 | 1 Sap | 1 Netweaver Abap | 2024-11-21 | N/A |
| Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. | ||||
| CVE-2014-8311 | 1 Sap | 1 Businessobjects | 2024-11-21 | N/A |
| SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. | ||||
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2024-11-21 | N/A |
| The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | ||||
| CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2024-11-21 | N/A |
| SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | ||||
| CVE-2014-8308 | 1 Sap | 1 Businessobjects | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-6252 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
| Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | ||||
| CVE-2014-5506 | 1 Sap | 1 Crystal Reports | 2024-11-21 | N/A |
| Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | ||||
| CVE-2014-5505 | 1 Sap | 1 Crystal Reports | 2024-11-21 | N/A |
| Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | ||||
| CVE-2014-5176 | 1 Sap | 1 Fi Manager Self-service | 2024-11-21 | N/A |
| SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||