CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2020-6247 20 2020-05-12 2021-07-21
5.0
None Remote Low Not required None None Partial
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.
452 CVE-2020-6248 20 Exec Code 2020-05-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection.
453 CVE-2020-6249 89 Sql 2020-05-12 2020-05-15
6.5
None Remote Low ??? Partial Partial Partial
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.
454 CVE-2020-6250 200 +Info 2020-05-12 2021-07-21
6.7
None Local Network Low ??? Partial Partial Complete
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator.
455 CVE-2020-6251 200 +Info 2020-05-12 2021-07-21
5.0
None Remote Low Not required Partial None None
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.
456 CVE-2020-6252 200 +Info 2020-05-12 2021-07-21
5.2
None Local Network Low ??? Partial Partial Partial
Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability.
457 CVE-2020-6253 89 Exec Code Sql 2020-05-12 2020-05-15
6.5
None Remote Low ??? Partial Partial Partial
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.
458 CVE-2020-6254 79 XSS 2020-05-12 2020-05-15
4.3
None Remote Medium Not required None Partial None
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting.
459 CVE-2020-6256 862 2020-05-12 2020-05-15
4.0
None Remote Low ??? Partial None None
SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check.
460 CVE-2020-6257 79 XSS 2020-05-12 2020-05-15
3.5
None Remote Medium ??? None Partial None
SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
461 CVE-2020-6258 862 2020-05-12 2020-05-15
4.0
None Remote Low ??? Partial None None
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check.
462 CVE-2020-6259 862 2020-05-12 2020-05-15
4.0
None Remote Low ??? Partial None None
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check.
463 CVE-2020-6262 74 Exec Code 2020-05-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.
464 CVE-2020-6457 416 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
465 CVE-2020-6458 125 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
466 CVE-2020-6459 787 2020-05-21 2022-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
467 CVE-2020-6460 2020-05-21 2020-07-02
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.
468 CVE-2020-6461 416 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
469 CVE-2020-6462 416 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
470 CVE-2020-6463 787 2020-05-21 2022-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
471 CVE-2020-6464 787 2020-05-21 2022-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
472 CVE-2020-6465 416 2020-05-21 2020-07-08
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
473 CVE-2020-6466 416 2020-05-21 2020-07-08
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
474 CVE-2020-6467 416 2020-05-21 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
475 CVE-2020-6468 787 2020-05-21 2022-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
476 CVE-2020-6469 276 2020-05-21 2020-07-08
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
477 CVE-2020-6470 79 XSS 2020-05-21 2021-01-28
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.
478 CVE-2020-6471 276 2020-05-21 2021-01-28
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
479 CVE-2020-6472 200 +Info 2020-05-21 2021-07-21
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.
480 CVE-2020-6473 200 +Info 2020-05-21 2021-07-21
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
481 CVE-2020-6474 416 2020-05-21 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
482 CVE-2020-6475 2020-05-21 2021-01-28
4.3
None Remote Medium Not required None Partial None
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
483 CVE-2020-6476 276 Bypass 2020-05-21 2021-01-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
484 CVE-2020-6477 59 2020-05-21 2022-04-26
4.6
None Local Low Not required Partial Partial Partial
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.
485 CVE-2020-6478 2020-05-21 2020-07-08
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
486 CVE-2020-6479 2020-05-21 2020-07-08
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
487 CVE-2020-6480 276 Bypass 2020-05-21 2021-01-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.
488 CVE-2020-6481 2020-05-21 2021-01-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name.
489 CVE-2020-6482 276 Bypass 2020-05-21 2021-01-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
490 CVE-2020-6483 276 Bypass 2020-05-21 2021-01-27
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
491 CVE-2020-6484 276 Bypass 2020-05-21 2020-07-08
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.
492 CVE-2020-6485 20 Bypass 2020-05-21 2020-07-08
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
493 CVE-2020-6486 Bypass 2020-05-21 2021-01-27
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
494 CVE-2020-6487 276 Bypass 2020-05-21 2021-01-27
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
495 CVE-2020-6488 276 Bypass 2020-05-21 2020-07-08
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
496 CVE-2020-6489 200 +Info 2020-05-21 2021-01-27
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.
497 CVE-2020-6490 668 2020-05-21 2021-01-27
4.3
None Remote Medium Not required Partial None None
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.
498 CVE-2020-6491 2020-05-21 2020-07-08
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name.
499 CVE-2020-6616 2020-05-08 2022-04-26
3.3
None Local Network Low Not required None Partial None
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).
500 CVE-2020-6651 20 Exec Code 2020-05-07 2020-05-12
6.0
None Remote Medium ??? Partial Partial Partial
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
Total number of vulnerabilities : 1017   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.