|
202181
|
5.5 |
MEDIUM
Local
|
gonitro
|
nitro_pro
|
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-6093
|
2024-11-21 14:35 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202182
|
7.8 |
HIGH
Local
|
gonitro
|
nitro_pro
|
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-6092
|
2024-11-21 14:35 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202183
|
8.8 |
HIGH
Network
|
gonitro
|
nitro_pro
|
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An a…
|
CWE-416
Use After Free
|
CVE-2020-6074
|
2024-11-21 14:35 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202184
|
8.8 |
HIGH
Network
|
sap
|
application_server
|
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by…
|
CWE-94
Code Injection
|
CVE-2020-6262
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202185
|
6.5 |
MEDIUM
Network
|
sap
|
adaptive_server_enterprise
|
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check.
|
CWE-862
Missing Authorization
|
CVE-2020-6259
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202186
|
6.5 |
MEDIUM
Network
|
sap
|
identity_management
|
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to …
|
CWE-862
Missing Authorization
|
CVE-2020-6258
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202187
|
5.4 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6257
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202188
|
4.3 |
MEDIUM
Network
|
sap
|
master_data_governance
|
SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authoriz…
|
CWE-862
Missing Authorization
|
CVE-2020-6256
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202189
|
6.1 |
MEDIUM
Network
|
sap
|
enterprise_threat_detection
|
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Si…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6254
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202190
|
7.2 |
HIGH
Network
|
sap
|
adaptive_server_enterprise
|
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify data…
|
CWE-89
SQL Injection
|
CVE-2020-6253
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
