ReportizFlow
Filtered by vendor
Subscriptions
Total
34023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0322 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | N/A |
| SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
| CVE-2019-0318 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A |
| Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0315 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A |
| Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure. | ||||
| CVE-2019-0314 | 1 Sap | 2 Inventory Manager, Work Manager | 2024-11-21 | N/A |
| SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
| CVE-2019-0306 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | N/A |
| SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names. | ||||
| CVE-2019-0291 | 1 Sap | 1 Solution Manager | 2024-11-21 | N/A |
| Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0289 | 1 Sap | 1 Businessobjects | 2024-11-21 | N/A |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0287 | 1 Sap | 1 Businessobjects | 2024-11-21 | N/A |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0278 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A |
| Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. | ||||
| CVE-2019-0274 | 1 Sap | 1 Mobile Platform Sdk | 2024-11-21 | N/A |
| SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service (i.e. denial of service). Fixed in versions 3.1 SP03 PL02, SDK 3.1 SP04, or later. | ||||
| CVE-2019-0256 | 1 Sap | 1 Business One | 2024-11-21 | N/A |
| Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0249 | 1 Sap | 1 Landscape Management | 2024-11-21 | N/A |
| Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0248 | 1 Sap | 2 Basis, Netweaver | 2024-11-21 | 5.9 Medium |
| Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0241 | 1 Sap | 2 Agentry Sdk, Work Manager | 2024-11-21 | N/A |
| SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
| CVE-2019-0240 | 1 Sap | 1 Businessobjects Mobile | 2024-11-21 | N/A |
| SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it. | ||||
| CVE-2019-0223 | 2 Apache, Redhat | 17 Qpid, A Mq Clients, Cloudforms Managementengine and 14 more | 2024-11-21 | 7.4 High |
| While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. | ||||
| CVE-2019-0222 | 5 Apache, Debian, Netapp and 2 more | 9 Activemq, Debian Linux, E-series Santricity Web Services and 6 more | 2024-11-21 | 7.5 High |
| In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. | ||||
| CVE-2019-0219 | 2 Apache, Oracle | 3 Cordova Inappbrowser, Instantis Enterprisetrack, Retail Xstore Point Of Service | 2024-11-21 | 9.8 Critical |
| A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. | ||||
| CVE-2019-0215 | 3 Apache, Fedoraproject, Redhat | 3 Http Server, Fedora, Enterprise Linux | 2024-11-21 | N/A |
| In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. | ||||
| CVE-2019-0214 | 1 Apache | 1 Archiva | 2024-11-21 | N/A |
| In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file. | ||||