CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 2CVE-2014-6283
https://notcve.org/view.php?id=CVE-2014-6283
17 Oct 2014 — SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors. SAP Adaptive Server Enterprise (ASE) 15.7 anterior a SP122 o SP63, 15.5 anterior a ESD#5.4 y 15.0.3 anterior a ESD#4.4 no restringen debidamente el acceso, l... • http://blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6864
https://notcve.org/view.php?id=CVE-2013-6864
23 Nov 2013 — Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via unspecified vectors. Vulnerabilidad de salto de directorio en SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anteriores a 15.0.3 ESD#4.3, 15.5 anteriores a 15.5 ESD#5.3, y 15.7 anteriores a 15.7 SP50 o 15.7 SP100 permite a usuarios autent... • http://scn.sap.com/docs/DOC-8218 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6868
https://notcve.org/view.php?id=CVE-2013-6868
23 Nov 2013 — SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anterior a 15.0.3 ESD#4.3, 15.5 15.5 anterior a ESD#5.3, y 15.7 anterior a SP50 15.7 o 15.7 SP100 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://secunia.com/advisories/55537 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6860
https://notcve.org/view.php?id=CVE-2013-6860
23 Nov 2013 — Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en SAP Sybase Adaptive Server Enterprise (ASE) anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios remotos autenticados para obtener información sensible a través ... • http://scn.sap.com/docs/DOC-8218 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6861
https://notcve.org/view.php?id=CVE-2013-6861
23 Nov 2013 — Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios locales obtener información sensible a través de vectores no espe... • http://scn.sap.com/docs/DOC-8218 •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6866
https://notcve.org/view.php?id=CVE-2013-6866
23 Nov 2013 — SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689. SAP Sybase Adaptive Server Enterprise (ASE) anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios autenticados remotamente ejecutar código arbitrario a través de vectores no especificados, también conocido como CR7366... • http://scn.sap.com/docs/DOC-8218 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6863
https://notcve.org/view.php?id=CVE-2013-6863
23 Nov 2013 — SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors. SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios remotos autenticados obtener privilegios a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6867
https://notcve.org/view.php?id=CVE-2013-6867
23 Nov 2013 — Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. Vulnerabilidad no especificada en SAP Sybase Adaptive Server Enterprise (ASE) 15.7 anterior a15.7 SP50 o 15.7 SP100 que permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6865
https://notcve.org/view.php?id=CVE-2013-6865
23 Nov 2013 — SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989. SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anteriores a 15.0.3 ESD#4.3, 15.5 anteriores a 15.5 ESD#5.3, y 15.7 anteriores a 15.7 SP50 o 15.7 SP100 permite a usuarios remotamente autenticados ejecutar código arbitrario a través de vectores no especificados, también ... • http://scn.sap.com/docs/DOC-8218 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6862
https://notcve.org/view.php?id=CVE-2013-6862
23 Nov 2013 — Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. Vulnerabilidad no especificada en SAP Sybase Adaptive Server Enterprise (ASE) anteriores a 15.0.3 ESD#4.3, 15.5 anteriores a 15.5 ESD#5.3, y 15.7 anteriores a 15.7 SP50 o 15.7 SP100 permite a atacantes remotos causar denegación de servicio a través de vectores no especifi... • http://secunia.com/advisories/55537 •