CVE-2020-28055

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user could perform fake system upgrades by writing to the /data/vendor/upgrage folder.

Source: CVE-2020-28055

CVE-2020-27403

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure.

Source: CVE-2020-27403

CVE-2020-27146

The Core component of TIBCO Software Inc.’s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.

Source: CVE-2020-27146

CVE-2020-6316

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.

Source: CVE-2020-6316

CVE-2020-26819

SAP NetWeaver AS ABAP (Web Dynpro), versions – 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.

Source: CVE-2020-26819

CVE-2020-26821

SAP Solution Manager (JAVA stack), version – 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.

Source: CVE-2020-26821

CVE-2020-26822

SAP Solution Manager (JAVA stack), version – 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service.

Source: CVE-2020-26822

CVE-2020-26823

SAP Solution Manager (JAVA stack), version – 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.

Source: CVE-2020-26823

CVE-2020-26824

SAP Solution Manager (JAVA stack), version – 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service.

Source: CVE-2020-26824

CVE-2020-26820

SAP NetWeaver AS JAVA, versions – 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it.

Source: CVE-2020-26820