| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 451 | CVE-2020-6478 | | | | 2020-05-21 | 2020-07-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. |
| 452 | CVE-2020-6477 | 59 | | | 2020-05-21 | 2022-04-26 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. |
| 453 | CVE-2020-6476 | 276 | | Bypass | 2020-05-21 | 2021-01-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. |
| 454 | CVE-2020-6475 | | | | 2020-05-21 | 2021-01-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. |
| 455 | CVE-2020-6474 | 416 | | | 2020-05-21 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 456 | CVE-2020-6473 | 200 | | +Info | 2020-05-21 | 2021-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| 457 | CVE-2020-6472 | 200 | | +Info | 2020-05-21 | 2021-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. |
| 458 | CVE-2020-6471 | 276 | | | 2020-05-21 | 2021-01-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. |
| 459 | CVE-2020-6470 | 79 | | XSS | 2020-05-21 | 2021-01-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. |
| 460 | CVE-2020-6469 | 276 | | | 2020-05-21 | 2020-07-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. |
| 461 | CVE-2020-6468 | 787 | | | 2020-05-21 | 2022-04-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 462 | CVE-2020-6467 | 416 | | | 2020-05-21 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 463 | CVE-2020-6466 | 416 | | | 2020-05-21 | 2020-07-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 464 | CVE-2020-6465 | 416 | | | 2020-05-21 | 2020-07-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 465 | CVE-2020-6464 | 787 | | | 2020-05-21 | 2022-04-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 466 | CVE-2020-6463 | 787 | | | 2020-05-21 | 2022-04-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 467 | CVE-2020-6462 | 416 | | | 2020-05-21 | 2020-07-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 468 | CVE-2020-6461 | 416 | | | 2020-05-21 | 2020-07-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 469 | CVE-2020-6460 | | | | 2020-05-21 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. |
| 470 | CVE-2020-6459 | 787 | | | 2020-05-21 | 2022-04-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 471 | CVE-2020-6458 | 125 | | | 2020-05-21 | 2020-07-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| 472 | CVE-2020-6457 | 416 | | | 2020-05-21 | 2020-07-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| 473 | CVE-2020-6262 | 74 | | Exec Code | 2020-05-12 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection. |
| 474 | CVE-2020-6259 | 862 | | | 2020-05-12 | 2020-05-15 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. |
| 475 | CVE-2020-6258 | 862 | | | 2020-05-12 | 2020-05-15 | 4.0 | None | Remote | Low | ??? | Partial | None | None | SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. |
| 476 | CVE-2020-6256 | 862 | | | 2020-05-12 | 2020-05-15 | 4.0 | None | Remote | Low | ??? | Partial | None | None | SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. |
| 477 | CVE-2020-6254 | 79 | | XSS | 2020-05-12 | 2020-05-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. |
| 478 | CVE-2020-6253 | 89 | | Exec Code Sql | 2020-05-12 | 2020-05-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. |
| 479 | CVE-2020-6252 | 200 | | +Info | 2020-05-12 | 2021-07-21 | 5.2 | None | Local Network | Low | ??? | Partial | Partial | Partial | Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability. |
| 480 | CVE-2020-6251 | 200 | | +Info | 2020-05-12 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. |
| 481 | CVE-2020-6250 | 200 | | +Info | 2020-05-12 | 2021-07-21 | 6.7 | None | Local Network | Low | ??? | Partial | Partial | Complete | SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator. |
| 482 | CVE-2020-6249 | 89 | | Sql | 2020-05-12 | 2020-05-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. |
| 483 | CVE-2020-6248 | 20 | | Exec Code | 2020-05-12 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection. |
| 484 | CVE-2020-6247 | 20 | | | 2020-05-12 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability. |
| 485 | CVE-2020-6245 | 74 | | Exec Code | 2020-05-12 | 2020-05-14 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers. |
| 486 | CVE-2020-6244 | 427 | | Exec Code | 2020-05-12 | 2020-05-18 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. |
| 487 | CVE-2020-6243 | 74 | | | 2020-05-12 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection. |
| 488 | CVE-2020-6242 | 306 | | | 2020-05-12 | 2020-07-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. |
| 489 | CVE-2020-6241 | 89 | | Sql | 2020-05-12 | 2020-05-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. |
| 490 | CVE-2020-6240 | 20 | | DoS | 2020-05-12 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service |
| 491 | CVE-2020-6094 | 787 | | Exec Code | 2020-05-06 | 2022-05-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. |
| 492 | CVE-2020-6093 | 824 | | | 2020-05-18 | 2022-05-12 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file. |
| 493 | CVE-2020-6092 | 190 | | Exec Code Overflow | 2020-05-18 | 2022-05-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file. |
| 494 | CVE-2020-6091 | 287 | | Bypass | 2020-05-22 | 2022-04-28 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability. |
| 495 | CVE-2020-6082 | 787 | | Exec Code | 2020-05-06 | 2022-04-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
| 496 | CVE-2020-6081 | 345 | | Exec Code | 2020-05-07 | 2022-06-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability. |
| 497 | CVE-2020-6076 | 787 | | Exec Code | 2020-05-06 | 2022-04-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
| 498 | CVE-2020-6075 | 787 | | Exec Code | 2020-05-06 | 2022-04-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
| 499 | CVE-2020-6074 | 416 | | Exec Code | 2020-05-18 | 2022-06-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. |
| 500 | CVE-2020-5898 | | | | 2020-05-12 | 2020-05-14 | 4.9 | None | Local | Low | Not required | None | None | Complete | In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to `\\.\urvpndrv` device causing the Windows kernel to crash. |