CVEs from 2020
- Total: 4,811
- Critical: 193
- High: 470
- Medium: 675
- Low: 56
- % Critical: 4.0%
- % with KEV: 3.0%
- % with exploit: 3.1%

Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-6207 | unknown | — | 1.5 | 5y ago | SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution M… | |
| CVE-2020-3950 | unknown | — | 1.5 | 5y ago | VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileg… | |
| CVE-2020-16010 | unknown | — | 1.5 | 5y ago | Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a craft… | |
| CVE-2020-27932 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges. | |
| CVE-2020-5735 | unknown | — | 1.5 | 5y ago | Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code. | |
| CVE-2020-29583 | unknown | — | 1.5 | 5y ago | Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password. | |
| CVE-2020-0041 | unknown | — | 1.5 | 5y ago | Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was ob… | |
| CVE-2020-8644 | unknown | — | 1.5 | 5y ago | PlaySMS contains a server-side template injection vulnerability that allows for remote code execution. | |
| CVE-2020-0878 | unknown | — | 1.5 | 5y ago | Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. | |
| CVE-2020-0688 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution. | |
| CVE-2020-5902 | unknown | — | 1.5 | 5y ago | F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages. | |
| CVE-2020-15505 | unknown | — | 1.5 | 5y ago | Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution. | |
| CVE-2020-8599 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login. | |
| CVE-2020-17144 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution. | |
| CVE-2020-3580 | unknown | — | 1.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful ex… | |
| CVE-2020-26919 | unknown | — | 1.5 | 5y ago | Netgear JGS516PE devices contain a missing function level access control vulnerability. | |
| CVE-2020-24557 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product … | |
| CVE-2020-11738 | unknown | — | 1.5 | 5y ago | WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their… | |
| CVE-2020-27950 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory. | |
| CVE-2020-14871 | unknown | — | 1.5 | 5y ago | Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems. | |
| CVE-2020-1040 | unknown | — | 1.5 | 5y ago | Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. S… | |
| CVE-2020-10221 | unknown | — | 1.5 | 5y ago | rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter. | |
| CVE-2020-8655 | unknown | — | 1.5 | 5y ago | EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7. | |
| CVE-2020-6287 | unknown | — | 1.5 | 5y ago | SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create adminis… | |
| CVE-2020-0069 | unknown | — | 1.5 | 5y ago | Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write… | |
| CVE-2020-4427 | unknown | — | 1.5 | 5y ago | IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially craf… | |
| CVE-2020-1380 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. | |
| CVE-2020-8260 | unknown | — | 1.5 | 5y ago | Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. | |
| CVE-2020-2555 | unknown | — | 1.5 | 5y ago | Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle prod… | |
| CVE-2020-8193 | unknown | — | 1.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacke… | |
| CVE-2020-9819 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message. | |
| CVE-2020-8467 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. | |
| CVE-2020-3452 | unknown | — | 1.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerab… | |
| CVE-2020-9818 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message. | |
| CVE-2020-10148 | unknown | — | 1.5 | 5y ago | SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. | |
| CVE-2020-8468 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components. | |
| CVE-2020-4428 | unknown | — | 1.5 | 5y ago | IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system. | |
| CVE-2020-0683 | unknown | — | 1.5 | 5y ago | Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files. | |
| CVE-2020-8196 | unknown | — | 1.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. | |
| CVE-2020-13927 | unknown | — | 1.5 | 5y ago | The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the d… | |
| CVE-2020-17519 | unknown | — | 1.5 | 6y ago | Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface. | |
| CVE-2020-13671 | unknown | — | 1.5 | 6y ago | Improper sanitization in the extension file names is present in Drupal core. | |
| CVE-2020-1956 | unknown | — | 1.5 | 6y ago | Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. | |
| CVE-2020-11978 | unknown | — | 1.5 | 6y ago | An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any aut… | |
| CVE-2020-5410 | unknown | — | 1.5 | 6y ago | Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files. | |
| CVE-2020-10199 | unknown | — | 1.5 | 6y ago | Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2020-13152 | unknown | — | 1.0 | — | A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continues to waste resources over time,… | |
| CVE-2020-8163 | unknown | — | 1.0 | 6y ago | There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. | |
| CVE-2020-0009 | unknown | — | — | — | In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared betwee… | |