Export limit exceeded: 25070 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25070 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6366 | 1 Sap | 1 Netweaver Compare Systems | 2024-11-21 | 6.5 Medium |
| SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service. | ||||
| CVE-2020-6348 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2020-6344 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2020-6338 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2020-6334 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2020-6333 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2020-6332 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2020-6314 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2020-6304 | 1 Sap | 5 Netweaver Internet Communication Manager \(kernel\), Netweaver Internet Communication Manager \(krnl32nuc\), Netweaver Internet Communication Manager \(krnl32uc\) and 2 more | 2024-11-21 | 7.5 High |
| Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. | ||||
| CVE-2020-6261 | 1 Sap | 1 Solution Manager | 2024-11-21 | 5.3 Medium |
| SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired. | ||||
| CVE-2020-6248 | 1 Sap | 1 Adaptive Server Enterprise Backup Server | 2024-11-21 | 7.2 High |
| SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection. | ||||
| CVE-2020-6227 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 7.5 High |
| SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files. | ||||
| CVE-2020-6202 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.2 High |
| SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. | ||||
| CVE-2020-6192 | 1 Sap | 1 Landscape Management | 2024-11-21 | 7.2 High |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | ||||
| CVE-2020-6191 | 1 Sap | 1 Landscape Management | 2024-11-21 | 7.2 High |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | ||||
| CVE-2020-6190 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.8 Medium |
| Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure. | ||||
| CVE-2020-6189 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.3 Medium |
| Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure. | ||||
| CVE-2020-6178 | 1 Sap | 1 Enable Now | 2024-11-21 | 5.4 Medium |
| SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure. | ||||
| CVE-2020-6177 | 1 Sap | 1 Mobile Platform | 2024-11-21 | 4.3 Medium |
| SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server. | ||||
| CVE-2020-6170 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. | ||||