Base
by Sas
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-2262 | 0.01 | — | 0.08 | Mar 1, 2014 | Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program. | ||
| CVE-2002-2017 | 0.00 | — | 0.01 | Dec 31, 2002 | sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. | ||
| CVE-2002-2018 | 0.00 | — | 0.00 | Dec 31, 2002 | sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | ||
| CVE-2002-0219 | 0.00 | — | 0.00 | May 16, 2002 | Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument. | ||
| CVE-2002-0218 | 0.00 | — | 0.00 | May 16, 2002 | Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. |
- CVE-2014-2262Mar 1, 2014risk 0.01cvss —epss 0.08
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.
- CVE-2002-2017Dec 31, 2002risk 0.00cvss —epss 0.01
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
- CVE-2002-2018Dec 31, 2002risk 0.00cvss —epss 0.00
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
- CVE-2002-0219May 16, 2002risk 0.00cvss —epss 0.00
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.
- CVE-2002-0218May 16, 2002risk 0.00cvss —epss 0.00
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.