) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): SAP Crystal Reports
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-0285 |
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. Published: April 10, 2019; 5:29:01 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
| CVE-2018-2427 |
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. Published: July 10, 2018; 2:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2014-5506 |
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. Published: September 04, 2014; 1:55:08 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2014-5505 |
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. Published: September 04, 2014; 1:55:08 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2010-2590 |
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value. Published: December 21, 2010; 10:00:03 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
| CVE-2010-3032 |
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. Published: August 17, 2010; 4:00:04 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2009-3346 |
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Published: September 24, 2009; 12:30:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2009-3345 |
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Published: September 24, 2009; 12:30:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2009-3344 |
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Published: September 24, 2009; 12:30:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |