CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2020 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2020-6462 416 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
202 CVE-2020-6461 416 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
203 CVE-2020-6459 787 2020-05-21 2022-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
204 CVE-2020-6458 125 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
205 CVE-2020-6457 416 2020-05-21 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
206 CVE-2020-6262 74 Exec Code 2020-05-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.
207 CVE-2020-6253 89 Exec Code Sql 2020-05-12 2020-05-15
6.5
None Remote Low ??? Partial Partial Partial
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.
208 CVE-2020-6250 200 +Info 2020-05-12 2021-07-21
6.7
None Local Network Low ??? Partial Partial Complete
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator.
209 CVE-2020-6249 89 Sql 2020-05-12 2020-05-15
6.5
None Remote Low ??? Partial Partial Partial
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.
210 CVE-2020-6248 20 Exec Code 2020-05-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection.
211 CVE-2020-6243 74 2020-05-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection.
212 CVE-2020-6242 306 2020-05-12 2020-07-02
7.5
None Remote Low Not required Partial Partial Partial
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
213 CVE-2020-6241 89 Sql 2020-05-12 2020-05-14
6.5
None Remote Low ??? Partial Partial Partial
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.
214 CVE-2020-6094 787 Exec Code 2020-05-06 2022-05-12
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
215 CVE-2020-6092 190 Exec Code Overflow 2020-05-18 2022-05-12
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file.
216 CVE-2020-6091 287 Bypass 2020-05-22 2022-04-28
6.4
None Remote Low Not required Partial Partial None
An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.
217 CVE-2020-6082 787 Exec Code 2020-05-06 2022-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
218 CVE-2020-6081 345 Exec Code 2020-05-07 2022-06-03
6.5
None Remote Low ??? Partial Partial Partial
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
219 CVE-2020-6076 787 Exec Code 2020-05-06 2022-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
220 CVE-2020-6075 787 Exec Code 2020-05-06 2022-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
221 CVE-2020-6074 416 Exec Code 2020-05-18 2022-06-03
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
222 CVE-2020-5897 416 2020-05-12 2020-05-14
6.8
None Remote Medium Not required Partial Partial Partial
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
223 CVE-2020-5752 22 Exec Code Dir. Trav. 2020-05-21 2020-12-08
7.2
None Local Low Not required Complete Complete Complete
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
224 CVE-2020-5741 502 Exec Code 2020-05-08 2021-12-14
6.5
None Remote Low ??? Partial Partial Partial
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
225 CVE-2020-5579 89 Exec Code Sql 2020-05-20 2020-05-20
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
226 CVE-2020-5577 434 2020-05-14 2020-05-15
6.5
None Remote Low ??? Partial Partial Partial
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.
227 CVE-2020-5576 352 CSRF 2020-05-14 2020-05-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
228 CVE-2020-5538 269 Exec Code 2020-05-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows authenticated attackers to execute arbitrary code with the SYSTEM privilege on the computer where PALLET CONTROL is installed via unspecified vectors. PalletControl 7 to 9.1 are not affected by this vulnerability, however under the environment where PLS Management Add-on Module is used, all versions are affected.
229 CVE-2020-5537 20 Exec Code 2020-05-25 2020-05-27
7.5
None Remote Low Not required Partial Partial Partial
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
230 CVE-2020-5407 347 2020-05-13 2021-06-14
6.5
None Remote Low ??? Partial Partial Partial
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
231 CVE-2020-5343 863 +Priv 2020-05-04 2020-05-08
7.2
None Local Low Not required Complete Complete Complete
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.
232 CVE-2020-5335 352 CSRF 2020-05-04 2020-05-07
6.8
None Remote Medium Not required Partial Partial Partial
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user.
233 CVE-2020-5332 78 Exec Code 2020-05-04 2020-05-11
9.0
None Remote Low ??? Complete Complete Complete
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed.
234 CVE-2020-4468 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723.
235 CVE-2020-4467 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721.
236 CVE-2020-4429 798 Exec Code 2020-05-07 2020-05-08
10.0
None Remote Low Not required Complete Complete Complete
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
237 CVE-2020-4428 78 Exec Code 2020-05-07 2020-05-08
9.0
None Remote Low ??? Complete Complete Complete
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.
238 CVE-2020-4427 Bypass 2020-05-07 2022-07-12
9.0
None Remote Low ??? Complete Complete Complete
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
239 CVE-2020-4422 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167.
240 CVE-2020-4343 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244.
241 CVE-2020-4288 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270.
242 CVE-2020-4287 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269.
243 CVE-2020-4285 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266
244 CVE-2020-4266 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.
245 CVE-2020-4265 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648.
246 CVE-2020-4264 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647.
247 CVE-2020-4263 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646.
248 CVE-2020-4262 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645.
249 CVE-2020-4261 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644.
250 CVE-2020-4258 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637.
Total number of vulnerabilities : 393   Page : 1 2 3 4 5 (This Page)6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.