| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 701 | CVE-2020-6819 | 416 |  |  | 2020-04-24 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
| 702 | CVE-2020-6765 | 78 |  | Exec Code | 2020-04-10 | 2020-04-13 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat /etc/passwd. The CLI is reachable by TELNET.
| 703 | CVE-2020-6753 | 79 |  | XSS | 2020-04-01 | 2020-04-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
| 704 | CVE-2020-6647 | 79 |  | XSS | 2020-04-07 | 2020-04-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
| 705 | CVE-2020-6579 | 79 |  | XSS | 2020-04-30 | 2020-05-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter.
| 706 | CVE-2020-6456 | 276 |  | Bypass | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
| 707 | CVE-2020-6455 | 125 |  |  | 2020-04-13 | 2020-07-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 708 | CVE-2020-6454 | 416 |  |  | 2020-04-13 | 2022-05-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
| 709 | CVE-2020-6452 | 787 |  | Overflow | 2020-04-13 | 2020-04-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 710 | CVE-2020-6451 | 416 |  |  | 2020-04-13 | 2022-04-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 711 | CVE-2020-6450 | 416 |  |  | 2020-04-13 | 2022-04-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 712 | CVE-2020-6448 | 416 |  |  | 2020-04-13 | 2022-05-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 713 | CVE-2020-6447 | 125 |  |  | 2020-04-13 | 2022-04-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.
| 714 | CVE-2020-6446 | 276 |  | Bypass | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
| 715 | CVE-2020-6445 | 276 |  | Bypass | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
| 716 | CVE-2020-6444 | 908 |  |  | 2020-04-13 | 2022-04-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 717 | CVE-2020-6443 | 345 |  | Exec Code | 2020-04-13 | 2020-07-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
| 718 | CVE-2020-6442 | 668 |  |  | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
| 719 | CVE-2020-6441 | 276 |  | Bypass | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
| 720 | CVE-2020-6440 |  |  | +Info | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
| 721 | CVE-2020-6439 | 276 |  | Bypass | 2020-04-13 | 2020-07-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
| 722 | CVE-2020-6438 | 209 |  | +Info | 2020-04-13 | 2022-04-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
| 723 | CVE-2020-6437 |  |  |  | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
| 724 | CVE-2020-6436 | 416 |  |  | 2020-04-13 | 2022-04-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 725 | CVE-2020-6435 |  |  | Bypass | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
| 726 | CVE-2020-6434 | 416 |  |  | 2020-04-13 | 2022-04-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 727 | CVE-2020-6433 |  |  | Bypass | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
| 728 | CVE-2020-6432 |  |  | Bypass | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
| 729 | CVE-2020-6431 | 276 |  |  | 2020-04-13 | 2020-07-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
| 730 | CVE-2020-6430 | 843 |  |  | 2020-04-13 | 2022-04-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 731 | CVE-2020-6423 | 416 |  |  | 2020-04-13 | 2022-04-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
| 732 | CVE-2020-6238 | 20 |  |  | 2020-04-14 | 2020-04-24 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
SAP Commerce, versions 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.
| 733 | CVE-2020-6237 | 200 |  | +Info | 2020-04-14 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Under certain conditions, the dswsbobje web application of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
| 734 | CVE-2020-6236 | 269 |  |  | 2020-04-14 | 2020-04-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allow an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This makes it possible to execute these files as root user from a non-root context, leading to Privilege Escalation.
| 735 | CVE-2020-6235 | 306 |  |  | 2020-04-14 | 2022-04-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.
| 736 | CVE-2020-6234 |  |  | +Priv | 2020-04-14 | 2022-04-29 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.
| 737 | CVE-2020-6233 | 862 |  |  | 2020-04-14 | 2020-04-15 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
SAP S/4 HANA (Financial Products Subledger and Banking Services), versions FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.
| 738 | CVE-2020-6232 | 862 |  |  | 2020-04-14 | 2020-04-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media.
| 739 | CVE-2020-6231 | 79 |  | XSS | 2020-04-14 | 2020-04-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
| 740 | CVE-2020-6230 | 94 |  | Exec Code | 2020-04-14 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application.
| 741 | CVE-2020-6229 | 79 |  | XSS | 2020-04-14 | 2020-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
| 742 | CVE-2020-6228 | 354 |  |  | 2020-04-14 | 2020-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.
| 743 | CVE-2020-6227 | 20 |  |  | 2020-04-14 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows an attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, making it possible to forge additional entries in GLF log files.
| 744 | CVE-2020-6226 | 79 |  | XSS | 2020-04-14 | 2020-04-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
| 745 | CVE-2020-6225 | 22 |  | Dir. Trav. | 2020-04-14 | 2020-04-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, so characters representing traversal to the parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.
| 746 | CVE-2020-6224 | 200 |  | +Info | 2020-04-14 | 2021-07-21 | 3.5 | None | Remote | Medium | ??? | Partial | None | None |
SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access sensitive user data such as passwords in trace files, when the user logs in and sends a request with login credentials, leading to Information Disclosure.
| 747 | CVE-2020-6223 | 601 |  |  | 2020-04-14 | 2020-04-15 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.
| 748 | CVE-2020-6222 | 79 |  | XSS | 2020-04-14 | 2020-04-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
| 749 | CVE-2020-6221 | 79 |  | XSS | 2020-04-14 | 2020-04-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
| 750 | CVE-2020-6219 | 502 |  | DoS Exec Code | 2020-04-14 | 2020-04-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform a deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.