CVEs from 2020
- Total: 4,812
- Critical: 193
- High: 470
- Medium: 675
- Low: 56
- % Critical: 4.0%
- % with KEV: 3.0%
- % with exploit: 3.1%

Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-3161 | unknown | — | 1.5 | 5y ago | Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (… | |
| CVE-2020-3952 | unknown | — | 1.5 | 5y ago | VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls… | |
| CVE-2020-9859 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges. | |
| CVE-2020-12812 | unknown | — | 1.5 | 5y ago | Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if t… | |
| CVE-2020-1020 | unknown | — | 1.5 | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… | |
| CVE-2020-1054 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute co… | |
| CVE-2020-8243 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution. | |
| CVE-2020-5849 | unknown | — | 1.5 | 5y ago | Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution. | |
| CVE-2020-6207 | unknown | — | 1.5 | 5y ago | SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution M… | |
| CVE-2020-5735 | unknown | — | 1.5 | 5y ago | Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code. | |
| CVE-2020-8644 | unknown | — | 1.5 | 5y ago | PlaySMS contains a server-side template injection vulnerability that allows for remote code execution. | |
| CVE-2020-0878 | unknown | — | 1.5 | 5y ago | Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. | |
| CVE-2020-5902 | unknown | — | 1.5 | 5y ago | F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages. | |
| CVE-2020-8515 | unknown | — | 1.5 | 5y ago | DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution. | |
| CVE-2020-17087 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2020-8599 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login. | |
| CVE-2020-17144 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server improperly validates cmdlet arguments, which allows an attacker to perform remote code execution. | |
| CVE-2020-3580 | unknown | — | 1.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful ex… | |
| CVE-2020-24557 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product … | |
| CVE-2020-11738 | unknown | — | 1.5 | 5y ago | WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their… | |
| CVE-2020-27950 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory. | |
| CVE-2020-14871 | unknown | — | 1.5 | 5y ago | Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems. | |
| CVE-2020-1040 | unknown | — | 1.5 | 5y ago | Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. S… | |
| CVE-2020-10221 | unknown | — | 1.5 | 5y ago | rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter. | |
| CVE-2020-8655 | unknown | — | 1.5 | 5y ago | EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7. | |
| CVE-2020-6287 | unknown | — | 1.5 | 5y ago | SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create adminis… | |
| CVE-2020-5847 | unknown | — | 1.5 | 5y ago | Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access. | |
| CVE-2020-0986 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode. | |
| CVE-2020-9819 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message. | |
| CVE-2020-8467 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. | |
| CVE-2020-3452 | unknown | — | 1.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerab… | |
| CVE-2020-9818 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message. | |
| CVE-2020-10148 | unknown | — | 1.5 | 5y ago | SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. | |
| CVE-2020-1380 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. | |
| CVE-2020-8260 | unknown | — | 1.5 | 5y ago | Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. | |
| CVE-2020-0938 | unknown | — | 1.5 | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… | |
| CVE-2020-14750 | unknown | — | 1.5 | 5y ago | Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882. | |
| CVE-2020-3566 | unknown | — | 1.5 | 5y ago | Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to … | |
| CVE-2020-3569 | unknown | — | 1.5 | 5y ago | Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to … | |
| CVE-2020-13927 | unknown | — | 1.5 | 5y ago | The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the d… | |
| CVE-2020-17519 | unknown | — | 1.5 | 6y ago | Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface. | |
| CVE-2020-13671 | unknown | — | 1.5 | 6y ago | Improper sanitization in the extension file names is present in Drupal core. | |
| CVE-2020-1956 | unknown | — | 1.5 | 6y ago | Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. | |
| CVE-2020-11978 | unknown | — | 1.5 | 6y ago | An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any aut… | |
| CVE-2020-5410 | unknown | — | 1.5 | 6y ago | Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files. | |
| CVE-2020-10199 | unknown | — | 1.5 | 6y ago | Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution. | |