National Vulnerability Database

Search Results

There are 131,082 matching records.
Displaying matches 301 through 320.
Vuln ID Summary CVSS Severity
CVE-2020-6190

Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure.

Published: February 12, 2020; 03:15:14 PM -05:00
(not available)
CVE-2020-6189

Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure.

Published: February 12, 2020; 03:15:14 PM -05:00
(not available)
CVE-2020-6188

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.

Published: February 12, 2020; 03:15:14 PM -05:00
(not available)
CVE-2020-6187

SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service.

Published: February 12, 2020; 03:15:14 PM -05:00
(not available)
CVE-2020-6186

SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.

Published: February 12, 2020; 03:15:14 PM -05:00
(not available)
CVE-2020-6185

Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.

Published: February 12, 2020; 03:15:14 PM -05:00
(not available)
CVE-2020-6184

Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

Published: February 12, 2020; 03:15:13 PM -05:00
(not available)
CVE-2020-6183

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.

Published: February 12, 2020; 03:15:13 PM -05:00
(not available)
CVE-2020-6181

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740) and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

Published: February 12, 2020; 03:15:13 PM -05:00
(not available)
CVE-2020-6177

SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server.

Published: February 12, 2020; 03:15:13 PM -05:00
(not available)
CVE-2011-3901

Android SQLite Journal before 4.0.1 has an information disclosure vulnerability.

Published: February 12, 2020; 03:15:13 PM -05:00
(not available)
CVE-2011-3336

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

Published: February 12, 2020; 03:15:13 PM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2011-2499

Mambo CMS through 4.6.5 has multiple XSS.

Published: February 12, 2020; 03:15:13 PM -05:00
(not available)
CVE-2011-2343

The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer.

Published: February 12, 2020; 03:15:13 PM -05:00
(not available)
CVE-2020-8949

Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring.

Published: February 12, 2020; 02:15:14 PM -05:00
(not available)
CVE-2019-19192

The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.

Published: February 12, 2020; 02:15:14 PM -05:00
(not available)
CVE-2019-17519

The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.

Published: February 12, 2020; 02:15:14 PM -05:00
(not available)
CVE-2013-3725

Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.

Published: February 12, 2020; 02:15:13 PM -05:00
(not available)
CVE-2011-4338

Shaman 1.0.9: A user can add the line askforpwd=false to their shaman.conf file without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.

Published: February 12, 2020; 02:15:13 PM -05:00
(not available)
CVE-2020-8947

functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.

Published: February 12, 2020; 01:15:10 PM -05:00
V3.1: 7.2 HIGH
    V2: 9.0 HIGH