Vulnerabilities > Sybase > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-11-23 | CVE-2013-6866 | Code Injection vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7 SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689. | 9.0 |
| 2013-11-23 | CVE-2013-6865 | Code Injection vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7 SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989. | 9.0 |
| 2013-11-23 | CVE-2013-6863 | Permissions, Privileges, and Access Controls vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7 SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors. | 9.0 |
| 2013-10-24 | CVE-2013-6245 | Remote Code Execution vulnerability in SAP Sybase Adaptive Server Enterprise Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. | 10.0 |
| 2011-06-09 | CVE-2011-2475 | USE of Externally-Controlled Format String vulnerability in Sybase Onebridge Mobile Data Suite 5.5/5.6 Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging. | 10.0 |
| 2011-01-20 | CVE-2011-0496 | Multiple vulnerability in Sybase EAServer Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability." Per: http://www.sybase.com/detail?id=1091057 ' Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services, this condition can result in arbitrary code execution allowing attacker to gain control over the affected machine. This also affects those products that include EAServer: Appeon, Replication Server Messaging Edition, and WorkSpace.' | 10.0 |
| 2008-02-22 | CVE-2008-0912 | Buffer Errors vulnerability in Sybase Mobilink and SQL Anywhere Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. | 10.0 |
| 2006-07-18 | CVE-2006-3667 | Security vulnerability in Sybase Financial Fusion Server Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors. | 10.0 |
| 2002-12-31 | CVE-2002-2250 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sybase Adaptive Server 12.0/12.5 Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 allow remote attackers to execute arbitrary code via (1) a long parameter to the xp_freedll extended stored procedure or (2) a long database name argument to the DBCC CHECKVERIFY function. | 10.0 |