CVEs from 2020
- Total: 4,812
- Critical: 193
- High: 470
- Medium: 675
- Low: 56
- % Critical: 4.0%
- % with KEV: 3.0%
- % with exploit: 3.1%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-9715 | unknown | — | 1.5 | 2mo ago | Adobe Acrobat contains a use-after-free vulnerability that allows for code execution | |
| CVE-2020-7796 | unknown | — | 1.5 | 3mo ago | Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled. | |
| CVE-2020-24363 | unknown | — | 1.5 | 9mo ago | TP-Link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST … | |
| CVE-2020-25079 | unknown | — | 1.5 | 10mo ago | D-Link DCS-2530L and DCS-2670L devices contain a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users shou… | |
| CVE-2020-25078 | unknown | — | 1.5 | 10mo ago | D-Link DCS-2530L and DCS-2670L devices contain an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end… | |
| CVE-2020-15069 | unknown | — | 1.5 | 1y ago | Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature. | |
| CVE-2020-29574 | unknown | — | 1.5 | 1y ago | CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely. | |
| CVE-2020-2883 | unknown | — | 1.5 | 1y ago | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3. | |
| CVE-2020-15415 | unknown | — | 1.5 | 2y ago | DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacte… | |
| CVE-2020-0618 | unknown | — | 1.5 | 2y ago | Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in t… | |
| CVE-2020-14644 | unknown | — | 1.5 | 2y ago | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerabi… | |
| CVE-2020-13965 | unknown | — | 1.5 | 2y ago | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview. | |
| CVE-2020-3259 | unknown | — | 1.5 | 2y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which cou… | |
| CVE-2020-2551 | unknown | — | 1.5 | 3y ago | Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server. | |
| CVE-2020-12641 | unknown | — | 1.5 | 3y ago | rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | |
| CVE-2020-5741 | unknown | — | 1.5 | 3y ago | Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload featur… | |
| CVE-2020-3433 | unknown | — | 1.5 | 4y ago | Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacke… | |
| CVE-2020-3153 | unknown | — | 1.5 | 4y ago | Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary … | |
| CVE-2020-9934 | unknown | — | 1.5 | 4y ago | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. | |
| CVE-2020-0601 | unknown | — | 1.5 | 4y ago | Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by usin… | |
| CVE-2020-3837 | unknown | — | 1.5 | 4y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | |
| CVE-2020-9907 | unknown | — | 1.5 | 4y ago | Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | |
| CVE-2020-16846 | unknown | — | 1.5 | 4y ago | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | |
| CVE-2020-1147 | unknown | — | 1.5 | 4y ago | Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploi… | |
| CVE-2020-11651 | unknown | — | 1.5 | 4y ago | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access… | |
| CVE-2020-11652 | unknown | — | 1.5 | 4y ago | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods … | |
| CVE-2020-7961 | unknown | — | 1.5 | 4y ago | Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services. | |
| CVE-2020-0638 | unknown | — | 1.5 | 4y ago | Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2020-1027 | unknown | — | 1.5 | 4y ago | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated … | |
| CVE-2020-2509 | unknown | — | 1.5 | 4y ago | QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution. | |
| CVE-2020-2021 | unknown | — | 1.5 | 4y ago | Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication. | |
| CVE-2020-25223 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. | |
| CVE-2020-9377 | unknown | — | 1.5 | 4y ago | D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php. | |
| CVE-2020-1631 | unknown | — | 1.5 | 4y ago | A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZT… | |
| CVE-2020-9054 | unknown | — | 1.5 | 4y ago | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. | |
| CVE-2020-2506 | unknown | — | 1.5 | 4y ago | QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information. | |
| CVE-2020-5135 | unknown | — | 1.5 | 4y ago | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. | |
| CVE-2020-8218 | unknown | — | 1.5 | 4y ago | A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface. | |
| CVE-2020-11899 | unknown | — | 1.5 | 4y ago | The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability. | |
| CVE-2020-0796 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerabili… | |
| CVE-2020-17530 | unknown | — | 1.5 | 4y ago | Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution. | |
| CVE-2020-0787 | unknown | — | 1.5 | 4y ago | Microsoft Windows BITS is vulnerable to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-l… | |
| CVE-2020-5722 | unknown | — | 1.5 | 4y ago | Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root. | |
| CVE-2020-14864 | unknown | — | 1.5 | 4y ago | Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system files. | |
| CVE-2020-6572 | unknown | — | 1.5 | 4y ago | Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page. | |
| CVE-2020-8816 | unknown | — | 1.5 | 5y ago | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | |
| CVE-2020-17463 | unknown | — | 1.5 | 5y ago | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | |
| CVE-2020-11261 | unknown | — | 1.5 | 5y ago | Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Con… | |
| CVE-2020-8515 | unknown | — | 1.5 | 5y ago | DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution. | |
| CVE-2020-5902 | unknown | — | 1.5 | 5y ago | F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages. | |
| CVE-2020-14871 | unknown | — | 1.5 | 5y ago | Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems. | |
| CVE-2020-8243 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution. | |
| CVE-2020-14750 | unknown | — | 1.5 | 5y ago | Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882. | |
| CVE-2020-0938 | unknown | — | 1.5 | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… | |
| CVE-2020-0069 | unknown | — | 1.5 | 5y ago | Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write… | |
| CVE-2020-9818 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message. | |
| CVE-2020-10148 | unknown | — | 1.5 | 5y ago | SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. | |
| CVE-2020-3452 | unknown | — | 1.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerab… | |
| CVE-2020-8468 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components. | |
| CVE-2020-5847 | unknown | — | 1.5 | 5y ago | Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access. | |
| CVE-2020-0986 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode. | |
| CVE-2020-8260 | unknown | — | 1.5 | 5y ago | Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. | |
| CVE-2020-6287 | unknown | — | 1.5 | 5y ago | SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create adminis… | |
| CVE-2020-3566 | unknown | — | 1.5 | 5y ago | Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to … | |
| CVE-2020-4427 | unknown | — | 1.5 | 5y ago | IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially craf… | |
| CVE-2020-9819 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message. | |
| CVE-2020-10221 | unknown | — | 1.5 | 5y ago | rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter. | |
| CVE-2020-1040 | unknown | — | 1.5 | 5y ago | Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. S… | |
| CVE-2020-3569 | unknown | — | 1.5 | 5y ago | Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to … | |
| CVE-2020-8655 | unknown | — | 1.5 | 5y ago | EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7. | |
| CVE-2020-27950 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory. | |
| CVE-2020-1380 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. | |
| CVE-2020-11738 | unknown | — | 1.5 | 5y ago | WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their… | |
| CVE-2020-24557 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product … | |
| CVE-2020-3580 | unknown | — | 1.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful ex… | |
| CVE-2020-0878 | unknown | — | 1.5 | 5y ago | Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. | |
| CVE-2020-1054 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute co… | |
| CVE-2020-8467 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. | |
| CVE-2020-17496 | unknown | — | 1.5 | 5y ago | The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. Thi… | |
| CVE-2020-1350 | unknown | — | 1.5 | 5y ago | Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under… | |
| CVE-2020-14882 | unknown | — | 1.5 | 5y ago | Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750. | |
| CVE-2020-25213 | unknown | — | 1.5 | 5y ago | WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site. | |
| CVE-2020-0968 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution. | |
| CVE-2020-3118 | unknown | — | 1.5 | 5y ago | Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administra… | |
| CVE-2020-8599 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login. | |
| CVE-2020-3952 | unknown | — | 1.5 | 5y ago | VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls… | |
| CVE-2020-4428 | unknown | — | 1.5 | 5y ago | IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system. | |
| CVE-2020-0683 | unknown | — | 1.5 | 5y ago | Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files. | |
| CVE-2020-27932 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges. | |
| CVE-2020-9859 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges. | |
| CVE-2020-1020 | unknown | — | 1.5 | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… | |
| CVE-2020-17087 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2020-17144 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution. | |
| CVE-2020-8644 | unknown | — | 1.5 | 5y ago | PlaySMS contains a server-side template injection vulnerability that allows for remote code execution. | |
| CVE-2020-6207 | unknown | — | 1.5 | 5y ago | SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution M… | |
| CVE-2020-3161 | unknown | — | 1.5 | 5y ago | Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (… | |
| CVE-2020-29557 | unknown | — | 1.5 | 5y ago | D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution. | |
| CVE-2020-5735 | unknown | — | 1.5 | 5y ago | Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code. | |
| CVE-2020-0674 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the … | |
| CVE-2020-27930 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted font. | |