Search Results (10276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2020-6649 | 1 Fortinet | 1 Fortiisolator | 2024-11-21 | 9.8 Critical | An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) |
| CVE-2020-6644 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | 8.1 High | An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. |
| CVE-2020-6641 | 1 Fortinet | 1 Fortipresence | 2024-11-21 | 4.3 Medium | Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. |
| CVE-2020-6623 | 1 Nothings | 1 Stb Truetype.h | 2024-11-21 | 8.8 High | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. |
| CVE-2020-6619 | 1 Nothings | 1 Stb Truetype.h | 2024-11-21 | 8.8 High | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. |
| CVE-2020-6617 | 1 Nothings | 1 Stb Truetype.h | 2024-11-21 | 8.8 High | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. |
| CVE-2020-6590 | 1 Forcepoint | 3 Data Loss Prevention, Email Security, Web Security Content Gateway | 2024-11-21 | 7.5 High | Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. |
| CVE-2020-6582 | 2 Fedoraproject, Nagios | 2 Fedora, Remote Plug In Executor | 2024-11-21 | 7.5 High | Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. |
| CVE-2020-6490 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 4.3 Medium | Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6442 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 4.3 Medium | Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6365 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium | SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits. |
| CVE-2020-6363 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | 4.6 Medium | SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration. |
| CVE-2020-6292 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 8.8 High | Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration. |
| CVE-2020-6291 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 8.8 High | SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration |
| CVE-2020-6266 | 1 Sap | 1 Fiori | 2024-11-21 | 5.4 Medium | SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. |
| CVE-2020-6238 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | 9.3 Critical | SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce. |
| CVE-2020-6223 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.1 Medium | The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing. |
| CVE-2020-6215 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-11-21 | 6.1 Medium | SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. |
| CVE-2020-6211 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.1 Medium | SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. |
| CVE-2020-6197 | 1 Sap | 1 Enable Now | 2024-11-21 | 3.3 Low | SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables. |