CVE-2015-2282
https://notcve.org/view.php?id=CVE-2015-2282
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. Desbordamiento de buffer basado en pila en la implementación LZC decompression (la función CsObjectInt::CsDecomprLZC en vpa106cslzc.cpp) en SAP MaxDB 7.5 y 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, la herramienta de archivos SAPCAR, y otros productos permite a atacantes dependientes de contexto causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de vectores no especificados, también conocido como las notas de seguridad de 2124806, 2121661, 2127995, y 2125316. • http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/May/50 http://seclists.org/fulldisclosure/2015/May/96 http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities http://www.securityfocus.com/archive/1/535535/100/0/threaded http://www.securityfocus.com/bid/74643 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-2278
https://notcve.org/view.php?id=CVE-2015-2278
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. La implementación LZH decompression (la función CsObjectInt::BuildHufTree en vpa108csulzh.cpp) en SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, la herramienta de archivos SAPCAR, y otros productos permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados, relacionado con búsquedas de códigos no simples, también conocido como las notas de seguridad de SAP 2124806, 2121661, 2127995, y 2125316. • http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/May/50 http://seclists.org/fulldisclosure/2015/May/96 http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities http://www.securityfocus.com/archive/1/535535/100/0/threaded http://www.securityfocus.com/bid/74643 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1185 – SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1185
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en serv.exe de SAP MaxDB v7.4.3.32, y v7.6.0.37 hasta la v7.6.06. Permite a atacantes remotos ejecutar código de su elección a través de un parámetro de longitud inválido en un paquete de "handshake" (establecimiento de conexión) al puerto TCP 7210. NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes. • https://www.exploit-db.com/exploits/11886 http://osvdb.org/63047 http://secunia.com/advisories/38955 http://www.securityfocus.com/archive/1/510125/100/0/threaded http://www.securityfocus.com/bid/38769 http://www.securitytracker.com/id?1023719 http://www.vupen.com/english/advisories/2010/0643 http://www.zerodayinitiative.com/advisories/ZDI-10-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/56950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0307
https://notcve.org/view.php?id=CVE-2008-0307
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. Error de presencia de signo en entero en vserver en SAP MaxDB 7.6.0.37, y posiblemente otras versiones permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados que disparan una corrupción de pila. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669 http://secunia.com/advisories/29312 http://www.securityfocus.com/bid/28183 http://www.securitytracker.com/id?1019571 http://www.vupen.com/english/advisories/2008/0844/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41107 • CWE-189: Numeric Errors •
CVE-2008-0306
https://notcve.org/view.php?id=CVE-2008-0306
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. sdbstarter en SAP MaxDB 7.6.0.37, y posiblemente en otras versiones, permite a usuarios locales ejecutar comandos de su elección mediante utilizando variables de entorno no especificadas para mnodificar parámetros de configuración. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670 http://secunia.com/advisories/29312 http://www.securityfocus.com/bid/28185 http://www.securitytracker.com/id?1019570 http://www.vupen.com/english/advisories/2008/0844/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41104 •