|
202211
|
9.9 |
CRITICAL
Network
|
amd
|
radeon_directx_11_driver_atidxx64.dll
|
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6101
|
2024-11-21 14:35 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202212
|
9.9 |
CRITICAL
Network
|
amd
|
radeon_directx_11_driver_atidxx64.dll
|
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6100
|
2024-11-21 14:35 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202213
|
5.3 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in th…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-6165
|
2024-11-21 14:35 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202214
|
7.5 |
HIGH
Network
|
silverstripe
|
silverstripe
|
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application…
|
NVD-CWE-noinfo
|
CVE-2020-6164
|
2024-11-21 14:35 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202215
|
8.8 |
HIGH
Network
|
sap
|
disclosure_management
|
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-6292
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202216
|
8.8 |
HIGH
Network
|
sap
|
disclosure_management
|
SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-6291
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202217
|
6.3 |
MEDIUM
Network
|
sap
|
disclosure_management
|
SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.
|
CWE-384
Session Fixation
|
CVE-2020-6290
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202218
|
8.8 |
HIGH
Network
|
sap
|
disclosure_management
|
SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site.
|
CWE-352
Origin Validation Error
|
CVE-2020-6289
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202219
|
10.0 |
CRITICAL
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configura…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-6287
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202220
|
5.3 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacke…
|
CWE-22
Path Traversal
|
CVE-2020-6286
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
