Total
34589 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6408 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. | |||||
| CVE-2020-6403 | 7 Apple, Debian, Fedoraproject and 4 more | 10 Iphone Os, Debian Linux, Fedora and 7 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-6397 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6396 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-6394 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6371 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure. | |||||
| CVE-2020-6320 | 1 Sap | 1 Marketing | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application. | |||||
| CVE-2020-6315 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure. | |||||
| CVE-2020-6310 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. | |||||
| CVE-2020-6302 | 1 Sap | 1 Commerce | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application. | |||||
| CVE-2020-6299 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. | |||||
| CVE-2020-6297 | 1 Sap | 1 Data Intelligence | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2020-6296 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | |||||
| CVE-2020-6285 | 1 Sap | 1 Netweaver | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2020-6280 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2020-6269 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2020-6264 | 1 Sap | 1 Commerce | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2020-6252 | 1 Sap | 1 Adaptive Server Enterprise Cockpit | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
| Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability. | |||||
| CVE-2020-6251 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2020-6250 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.7 MEDIUM | 6.8 MEDIUM |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator. | |||||