CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2020 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2020-6478 2020-05-21 2020-07-08
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
452 CVE-2020-6477 59 2020-05-21 2022-04-26
4.6
None Local Low Not required Partial Partial Partial
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.
453 CVE-2020-6476 276 Bypass 2020-05-21 2021-01-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
454 CVE-2020-6475 2020-05-21 2021-01-28
4.3
None Remote Medium Not required None Partial None
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
455 CVE-2020-6474 416 2020-05-21 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
456 CVE-2020-6473 200 +Info 2020-05-21 2021-07-21
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
457 CVE-2020-6472 200 +Info 2020-05-21 2021-07-21
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.
458 CVE-2020-6471 276 2020-05-21 2021-01-28
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
459 CVE-2020-6470 79 XSS 2020-05-21 2021-01-28
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.
460 CVE-2020-6469 276 2020-05-21 2020-07-08
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
461 CVE-2020-6468 787 2020-05-21 2022-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
462 CVE-2020-6467 416 2020-05-21 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
463 CVE-2020-6466 416 2020-05-21 2020-07-08
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
464 CVE-2020-6465 416 2020-05-21 2020-07-08
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
465 CVE-2020-6464 787 2020-05-21 2022-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
466 CVE-2020-6463 787 2020-05-21 2022-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
467 CVE-2020-6462 416 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
468 CVE-2020-6461 416 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
469 CVE-2020-6460 2020-05-21 2020-07-02
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.
470 CVE-2020-6459 787 2020-05-21 2022-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
471 CVE-2020-6458 125 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
472 CVE-2020-6457 416 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
473 CVE-2020-6262 74 Exec Code 2020-05-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.
474 CVE-2020-6259 862 2020-05-12 2020-05-15
4.0
None Remote Low ??? Partial None None
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check.
475 CVE-2020-6258 862 2020-05-12 2020-05-15
4.0
None Remote Low ??? Partial None None
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check.
476 CVE-2020-6256 862 2020-05-12 2020-05-15
4.0
None Remote Low ??? Partial None None
SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check.
477 CVE-2020-6254 79 XSS 2020-05-12 2020-05-15
4.3
None Remote Medium Not required None Partial None
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting.
478 CVE-2020-6253 89 Exec Code Sql 2020-05-12 2020-05-15
6.5
None Remote Low ??? Partial Partial Partial
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.
479 CVE-2020-6252 200 +Info 2020-05-12 2021-07-21
5.2
None Local Network Low ??? Partial Partial Partial
Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability.
480 CVE-2020-6251 200 +Info 2020-05-12 2021-07-21
5.0
None Remote Low Not required Partial None None
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.
481 CVE-2020-6250 200 +Info 2020-05-12 2021-07-21
6.7
None Local Network Low ??? Partial Partial Complete
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator.
482 CVE-2020-6249 89 Sql 2020-05-12 2020-05-15
6.5
None Remote Low ??? Partial Partial Partial
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.
483 CVE-2020-6248 20 Exec Code 2020-05-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection.
484 CVE-2020-6247 20 2020-05-12 2021-07-21
5.0
None Remote Low Not required None None Partial
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.
485 CVE-2020-6245 74 Exec Code 2020-05-12 2020-05-14
4.6
None Local Low Not required Partial Partial Partial
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.
486 CVE-2020-6244 427 Exec Code 2020-05-12 2020-05-18
4.4
None Local Medium Not required Partial Partial Partial
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
487 CVE-2020-6243 74 2020-05-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection.
488 CVE-2020-6242 306 2020-05-12 2020-07-02
7.5
None Remote Low Not required Partial Partial Partial
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
489 CVE-2020-6241 89 Sql 2020-05-12 2020-05-14
6.5
None Remote Low ??? Partial Partial Partial
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.
490 CVE-2020-6240 20 DoS 2020-05-12 2021-07-21
5.0
None Remote Low Not required None None Partial
SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service
491 CVE-2020-6094 787 Exec Code 2020-05-06 2022-05-12
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
492 CVE-2020-6093 824 2020-05-18 2022-05-12
4.3
None Remote Medium Not required Partial None None
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file.
493 CVE-2020-6092 190 Exec Code Overflow 2020-05-18 2022-05-12
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file.
494 CVE-2020-6091 287 Bypass 2020-05-22 2022-04-28
6.4
None Remote Low Not required Partial Partial None
An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.
495 CVE-2020-6082 787 Exec Code 2020-05-06 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
496 CVE-2020-6081 345 Exec Code 2020-05-07 2022-06-03
6.5
None Remote Low ??? Partial Partial Partial
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
497 CVE-2020-6076 787 Exec Code 2020-05-06 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
498 CVE-2020-6075 787 Exec Code 2020-05-06 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
499 CVE-2020-6074 416 Exec Code 2020-05-18 2022-06-03
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
500 CVE-2020-5898 2020-05-12 2020-05-14
4.9
None Local Low Not required None None Complete
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash.
Total number of vulnerabilities : 866   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.