Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6435 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2020-6433 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2020-6432 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2020-6420 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
|
|||||
| CVE-2020-6417 | 1 Google | 1 Chrome | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.
|
|||||
| CVE-2020-6414 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2020-6413 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.
|
|||||
| CVE-2020-6410 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name.
|
|||||
| CVE-2020-6409 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name.
|
|||||
| CVE-2020-6408 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
|
|||||
| CVE-2020-6403 | 7 Apple, Debian, Fedoraproject and 4 more | 10 Iphone Os, Debian Linux, Fedora and 7 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2020-6397 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
|
|||||
| CVE-2020-6396 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2020-6394 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
|
|||||
| CVE-2020-6371 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.
|
|||||
| CVE-2020-6320 | 1 Sap | 1 Marketing | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.
|
|||||
| CVE-2020-6315 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure.
|
|||||
| CVE-2020-6310 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.
|
|||||
| CVE-2020-6302 | 1 Sap | 1 Commerce | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
|
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application.
|
|||||
| CVE-2020-6299 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.
|
|||||
| CVE-2020-6297 | 1 Sap | 1 Data Intelligence | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure.
|
|||||
| CVE-2020-6296 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.
|
|||||
| CVE-2020-6285 | 1 Sap | 1 Netweaver | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
|
|||||
| CVE-2020-6280 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.
|
|||||
| CVE-2020-6269 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
|
|||||
| CVE-2020-6264 | 1 Sap | 1 Commerce | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure.
|
|||||
| CVE-2020-6252 | 1 Sap | 1 Adaptive Server Enterprise Cockpit | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
|
Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability.
|
|||||
| CVE-2020-6251 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.
|
|||||
| CVE-2020-6250 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.7 MEDIUM | 6.8 MEDIUM |
|
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator.
|
|||||
| CVE-2020-6247 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.
|
|||||
| CVE-2020-6240 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service
|
|||||
| CVE-2020-6237 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
|
|||||
| CVE-2020-6234 | 1 Sap | 1 Host Agent | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.
|
|||||
| CVE-2020-6230 | 1 Sap | 1 Orientdb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application.
|
|||||
| CVE-2020-6218 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
|
Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure.
|
|||||
| CVE-2020-6196 | 1 Sap | 1 Businessobjects Mobile | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service.
|
|||||
| CVE-2020-6164 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. ...
Show More |
|||||
| CVE-2020-6111 | 1 Rockwellautomation | 2 Micrologix 1100, Micrologix 1100 B Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
|
|||||
| CVE-2020-6023 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.
|
|||||
| CVE-2020-6022 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.
|
|||||