Skip to main content
CVE-2020-7323 MEDIUM This Month

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2020-15791 MEDIUM This Month

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic S7 300 Cpu 312 Firmware Simatic S7 300 Cpu 314 Firmware Simatic S7 300 Cpu 315 2 Dp Firmware Simatic S7 300 Cpu 315 2 Pn Firmware +10
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2020-6311 MEDIUM This Month

Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Authentication Bypass Bank Analyzer S 4Hana For Financial Products Subledger
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-6321 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Denial Of Service Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-6313 MEDIUM This Month

SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-15788 MEDIUM This Month

A vulnerability has been identified in Polarion Subversion Webclient (All versions). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Polarion Subversion Webclient
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-24794 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xperience
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-6324 MEDIUM This Month

SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-6283 MEDIUM This Month

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Fiori Launchpad
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7324 MEDIUM This Month

Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mvision Endpoint
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-5627 MEDIUM This Month

Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect Yodobashi
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-3679 MEDIUM This Month

u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Bitra Firmware Kamorta Firmware Nicobar Firmware +14
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3674 MEDIUM PATCH This Month

Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Nicobar Firmware Qcs405 Firmware +6
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-6326 MEDIUM This Month

SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Knowledge Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-6312 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15790 MEDIUM This Month

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spectrum Power 4
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-15785 MEDIUM This Month

A vulnerability has been identified in Siveillance Video Client (All versions). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Siveillance Video Client
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-15784 MEDIUM This Month

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spectrum Power 4
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-2039 MEDIUM This Month

An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
5.3
EPSS
46.4%
CVE-2020-6288 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-7322 MEDIUM This Month

Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly. Rated medium severity (CVSS 4.7). No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-6361 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6360 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6359 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6358 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6357 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6356 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6355 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6354 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Use After Free Denial Of Service Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6353 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Use After Free Denial Of Service Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6352 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6351 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6350 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6349 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6348 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6347 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6346 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6345 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Information Disclosure 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6344 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6343 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6342 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6341 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Information Disclosure 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6340 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6339 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6338 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6337 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6336 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6335 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6334 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6333 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy