CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-4760 IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-5388 Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vu... | 6.9 | MEDIUM | — | 0 |
| CVE-2020-12485 The frame touch module does not make validity judgments on parameter lengths when processing specific parameters, which caused out of the boundary when memory access. The vulnerability eventually leads ... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-28267 Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | 7.5 | HIGH | — | 0 |
| CVE-2020-7766 This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. ... | 7.3 | HIGH | — | 0 |
| CVE-2020-25074 The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve rem... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-26807 SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder. | 3.3 | LOW | — | 0 |
| CVE-2020-26808 SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticate... | 7.2 | HIGH | — | 0 |
| CVE-2020-26809 SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. T... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-26810 SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL ... | 7.5 | HIGH | — | 0 |
| CVE-2020-26819 SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database l... | 8.8 | HIGH | — | 0 |
| CVE-2020-26811 SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL ... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-26814 SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these ... | 4.9 | MEDIUM | — | 0 |
| CVE-2020-26815 SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target... | 8.6 | HIGH | — | 0 |
| CVE-2020-26817 SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavail... | 7.8 | HIGH | — | 0 |
| CVE-2020-26818 SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information tha... | 8.8 | HIGH | — | 0 |
| CVE-2020-26820 SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the fi... | 7.2 | HIGH | — | 0 |
| CVE-2020-26821 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact ... | 10.0 | CRITICAL | — | 0 |
| CVE-2020-26822 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, t... | 10.0 | CRITICAL | — | 0 |
| CVE-2020-26823 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Servi... | 10.0 | CRITICAL | — | 0 |
| CVE-2020-26824 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an ... | 10.0 | CRITICAL | — | 0 |
| CVE-2020-6316 SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. | 4.3 | MEDIUM | — | 0 |
| CVE-2020-27146 The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Sit... | 5.0 | MEDIUM | — | 0 |
| CVE-2020-27403 A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arb... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-28055 A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a m... | 7.8 | HIGH | — | 0 |
| CVE-2020-28368 Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Pla... | 4.4 | MEDIUM | — | 0 |
| CVE-2019-7357 Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins. | 8.8 | HIGH | — | 0 |
| CVE-2020-23968 Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. | 7.8 | HIGH | — | 0 |
| CVE-2020-24063 The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | 7.2 | HIGH | — | 0 |
| CVE-2020-24367 Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | 7.8 | HIGH | — | 0 |
| CVE-2020-28408 The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-28409 The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-25267 An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-25268 Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | 8.8 | HIGH | — | 0 |
| CVE-2020-16126 An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to Account... | 3.3 | LOW | — | 0 |
| CVE-2020-16127 An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment fi... | 2.8 | LOW | — | 0 |
| CVE-2020-16970 Azure Sphere Unsigned Code Execution Vulnerability | 8.1 | HIGH | — | 0 |
| CVE-2020-16979 Microsoft SharePoint Information Disclosure Vulnerability | 5.3 | MEDIUM | — | 0 |
| CVE-2020-16981 Azure Sphere Elevation of Privilege Vulnerability | 6.1 | MEDIUM | — | 0 |
| CVE-2020-16982 Azure Sphere Unsigned Code Execution Vulnerability | 6.1 | MEDIUM | — | 0 |
| CVE-2020-16983 Azure Sphere Tampering Vulnerability | 5.7 | MEDIUM | — | 0 |
| CVE-2020-16984 Azure Sphere Unsigned Code Execution Vulnerability | 7.3 | HIGH | — | 0 |
| CVE-2020-16985 Azure Sphere Information Disclosure Vulnerability | 6.2 | MEDIUM | — | 0 |
| CVE-2020-16987 Azure Sphere Unsigned Code Execution Vulnerability | 7.3 | HIGH | — | 0 |
| CVE-2020-16988 Azure Sphere Elevation of Privilege Vulnerability | 6.9 | MEDIUM | — | 0 |
| CVE-2020-16989 Azure Sphere Elevation of Privilege Vulnerability | 5.4 | MEDIUM | — | 0 |
| CVE-2020-16990 Azure Sphere Information Disclosure Vulnerability | 6.2 | MEDIUM | — | 0 |
| CVE-2020-16991 Azure Sphere Unsigned Code Execution Vulnerability | 7.3 | HIGH | — | 0 |
| CVE-2020-16992 Azure Sphere Elevation of Privilege Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2020-16993 Azure Sphere Elevation of Privilege Vulnerability | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.