CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 2CVE-2019-14678
https://notcve.org/view.php?id=CVE-2019-14678
14 Nov 2019 — SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. SAS XML Mapper versión 9.45, tiene una vulnerabilidad de tipo XML External Entity (XXE) que los atacantes maliciosos pueden aprovechar en múltiples maneras... • https://github.com/mbadanoiu/CVE-2019-14678 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.3EPSS: 9%CPEs: 4EXPL: 0CVE-2014-2262
https://notcve.org/view.php?id=CVE-2014-2262
28 Feb 2014 — Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program. Desbordamiento de buffer en la aplicación cliente en Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 y TS1M2 y SAS 9.4 TS1M0 permite a atacantes remotos asistidos por usuario ejecutar código arbitrario a través de un programa SAS manipulado. • http://secunia.com/advisories/57029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2017
https://notcve.org/view.php?id=CVE-2002-2017
31 Dec 2002 — sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. • http://online.securityfocus.com/archive/1/253183 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2018
https://notcve.org/view.php?id=CVE-2002-2018
31 Dec 2002 — sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. • http://online.securityfocus.com/archive/1/253183 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0218
https://notcve.org/view.php?id=CVE-2002-0218
03 May 2002 — Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. Vulnerabilidad en cadena de formato en SAStcpd en SAS/Base oobjspawn en Sas/Integration Technologies 8.0 y 8.1permite a usuarios locales ejecutar código arbitrario mediante especificadores de formato en un argumento de línea de comandos. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0219
https://notcve.org/view.php?id=CVE-2002-0219
03 May 2002 — Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument. Desbordamiento de Buffer en SAS/Base 8.0 y 8.1 oSAS/Integration Technologies 8.0 y 8.1 permite a usuarios locales ejecutar código arbitrario mediante argumentos de linea de comando largos. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html •