CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
301 CVE-2020-6803 601 2020-02-28 2020-03-04
5.8
None Remote Medium Not required Partial Partial None
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
302 CVE-2020-6770 502 Exec Code 2020-02-07 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed.
303 CVE-2020-6769 306 2020-02-07 2020-02-12
6.4
None Remote Low Not required Partial None Partial
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall.
304 CVE-2020-6768 22 Dir. Trav. 2020-02-07 2020-02-12
5.0
None Remote Low Not required Partial None None
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.
305 CVE-2020-6767 22 Dir. Trav. 2020-02-06 2020-02-14
4.0
None Remote Low ??? Partial None None
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.
306 CVE-2020-6760 78 Exec Code 2020-02-06 2020-02-11
10.0
None Remote Low Not required Complete Complete Complete
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.
307 CVE-2020-6754 22 Exec Code Dir. Trav. 2020-02-05 2020-02-07
7.5
None Remote Low Not required Partial Partial Partial
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).
308 CVE-2020-6418 843 2020-02-27 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
309 CVE-2020-6417 Exec Code 2020-02-11 2020-02-17
4.6
None Local Low Not required Partial Partial Partial
Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.
310 CVE-2020-6416 20 2020-02-11 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
311 CVE-2020-6415 787 2020-02-11 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
312 CVE-2020-6414 Bypass 2020-02-11 2020-02-17
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
313 CVE-2020-6413 Bypass 2020-02-11 2020-02-17
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.
314 CVE-2020-6412 20 2020-02-11 2020-02-17
5.8
None Remote Medium Not required Partial Partial None
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
315 CVE-2020-6411 20 2020-02-11 2020-02-12
5.8
None Remote Medium Not required Partial Partial None
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
316 CVE-2020-6410 2020-02-11 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name.
317 CVE-2020-6409 Bypass 2020-02-11 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name.
318 CVE-2020-6408 +Info 2020-02-11 2022-03-31
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
319 CVE-2020-6407 787 Mem. Corr. 2020-02-27 2020-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
320 CVE-2020-6406 416 2020-02-11 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
321 CVE-2020-6405 125 +Info 2020-02-11 2020-02-17
4.3
None Remote Medium Not required Partial None None
Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
322 CVE-2020-6404 787 2020-02-11 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
323 CVE-2020-6403 2020-02-11 2022-03-31
4.3
None Remote Medium Not required None Partial None
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
324 CVE-2020-6402 20 Exec Code 2020-02-11 2021-09-16
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
325 CVE-2020-6401 20 2020-02-11 2020-02-17
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
326 CVE-2020-6400 203 2020-02-11 2022-03-31
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
327 CVE-2020-6399 20 2020-02-11 2020-02-17
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
328 CVE-2020-6398 908 2020-02-11 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
329 CVE-2020-6397 2020-02-11 2022-03-31
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
330 CVE-2020-6396 2020-02-11 2022-04-11
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
331 CVE-2020-6395 125 +Info 2020-02-11 2020-02-12
4.3
None Remote Medium Not required Partial None None
Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
332 CVE-2020-6394 Bypass 2020-02-11 2022-04-06
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
333 CVE-2020-6393 862 2020-02-11 2022-04-06
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
334 CVE-2020-6392 79 XSS Bypass 2020-02-11 2022-04-06
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
335 CVE-2020-6391 79 XSS Bypass 2020-02-11 2022-04-11
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
336 CVE-2020-6390 787 Mem. Corr. 2020-02-11 2022-04-11
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
337 CVE-2020-6389 787 2020-02-11 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
338 CVE-2020-6388 119 Overflow 2020-02-11 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
339 CVE-2020-6387 787 2020-02-11 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
340 CVE-2020-6386 416 2020-02-27 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
341 CVE-2020-6385 754 Bypass 2020-02-11 2022-04-11
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
342 CVE-2020-6384 416 2020-02-27 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
343 CVE-2020-6383 843 2020-02-27 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
344 CVE-2020-6382 843 2020-02-11 2022-04-11
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
345 CVE-2020-6381 190 Overflow 2020-02-11 2022-04-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
346 CVE-2020-6380 863 Bypass 2020-02-11 2022-01-01
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.
347 CVE-2020-6379 787 2020-02-11 2022-01-01
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
348 CVE-2020-6378 787 2020-02-11 2021-12-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
349 CVE-2020-6193 79 XSS 2020-02-12 2020-02-19
4.3
None Remote Medium Not required None Partial None
SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability.
350 CVE-2020-6192 20 Exec Code 2020-02-12 2020-02-19
9.0
None Remote Low ??? Complete Complete Complete
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
Total number of vulnerabilities: 1395. Page 7 of 28.