CVEs from 2020
Total
3,795
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0938 | unknown | — | 1.5 | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… | |||
| CVE-2020-1020 | unknown | — | 1.5 | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… | |||
| CVE-2020-3118 | unknown | — | 1.5 | 5y ago | Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administra… | |||
| CVE-2020-1040 | unknown | — | 1.5 | 5y ago | Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. S… | |||
| CVE-2020-1464 | unknown | — | 1.5 | 5y ago | Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files. | |||
| CVE-2020-1350 | unknown | — | 1.5 | 5y ago | Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under… | |||
| CVE-2020-3580 | unknown | — | 1.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful ex… | |||
| CVE-2020-1380 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. | |||
| CVE-2020-0968 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution. | |||
| CVE-2020-9859 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges. | |||
| CVE-2020-8195 | unknown | — | 1.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. | |||
| CVE-2020-9819 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message. | |||
| CVE-2020-27932 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges. | |||
| CVE-2020-27950 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory. | |||
| CVE-2020-26919 | unknown | — | 1.5 | 5y ago | Netgear JGS516PE devices contain a missing function level access control vulnerability. | |||
| CVE-2020-8193 | unknown | — | 1.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacke… | |||
| CVE-2020-27930 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front. | |||
| CVE-2020-0069 | unknown | — | 1.5 | 5y ago | Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write… | |||
| CVE-2020-0041 | unknown | — | 1.5 | 5y ago | Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was ob… | |||
| CVE-2020-8243 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution. | |||
| CVE-2020-3569 | unknown | — | 1.5 | 5y ago | Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to … | |||
| CVE-2020-25506 | unknown | — | 1.5 | 5y ago | D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution. | |||
| CVE-2020-4430 | unknown | — | 1.5 | 5y ago | IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitr… | |||
| CVE-2020-12812 | unknown | — | 1.5 | 5y ago | Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if t… | |||
| CVE-2020-10148 | unknown | — | 1.5 | 5y ago | SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. | |||
| CVE-2020-16010 | unknown | — | 1.5 | 5y ago | Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2020-0878 | unknown | — | 1.5 | 5y ago | Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. | |||
| CVE-2020-8196 | unknown | — | 1.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. | |||
| CVE-2020-17087 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2020-17144 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution. | |||
| CVE-2020-10181 | unknown | — | 1.5 | 5y ago | Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device. | |||
| CVE-2020-9818 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message. | |||
| CVE-2020-12271 | unknown | — | 1.5 | 5y ago | Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. S… | |||
| CVE-2020-8599 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login. | |||
| CVE-2020-29557 | unknown | — | 1.5 | 5y ago | D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution. | |||
| CVE-2020-3566 | unknown | — | 1.5 | 5y ago | Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to … | |||
| CVE-2020-4006 | unknown | — | 1.5 | 5y ago | VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative config… | |||
| CVE-2020-29583 | unknown | — | 1.5 | 5y ago | Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password. | |||
| CVE-2020-3992 | unknown | — | 1.5 | 5y ago | VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution. | |||
| CVE-2020-10987 | unknown | — | 1.5 | 5y ago | Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter. | |||
| CVE-2020-8468 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components. | |||
| CVE-2020-24557 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product … | |||
| CVE-2020-8467 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. | |||
| CVE-2020-13671 | unknown | — | 1.5 | 6y ago | Improper sanitization in the extension file names is present in Drupal core. | |||
| CVE-2020-1956 | unknown | — | 1.5 | 6y ago | Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. | |||
| CVE-2020-0009 | unknown | — | 1.0 | — | In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared betwee… | |||
| CVE-2020-2229 | unknown | — | 1.0 | 4y ago | Jenkins Cross-Site Scripting vulnerability in help icons | |||
| CVE-2020-2230 | unknown | — | 1.0 | 4y ago | Jenkins Cross-site Scripting vulnerability in project naming strategy | |||
| CVE-2020-2231 | unknown | — | 1.0 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2020-7934 | unknown | — | 1.0 | 4y ago | Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet | |||
| CVE-2020-2096 | unknown | — | 1.0 | 4y ago | Reflected XSS vulnerability in Jenkins gitlab-hook Plugin | |||
| CVE-2020-27955 | unknown | — | 1.0 | 4y ago | Git LFS 2.12.0 allows Remote Code Execution. | |||
| CVE-2020-13951 | unknown | — | 1.0 | 4y ago | Denial of service in Apache OpenMeetings | |||
| CVE-2020-35476 | unknown | — | 1.0 | 5y ago | OS Command Injection in OpenTSDB | |||
| CVE-2020-9283 | unknown | — | 1.0 | 5y ago | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accept… | |||
| CVE-2020-13800 | unknown | — | — | — | ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | |||
| CVE-2020-24698 | unknown | — | — | — | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a cras… | |||
| CVE-2020-8992 | unknown | — | — | — | ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | |||
| CVE-2020-27781 | unknown | — | — | — | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to … | |||
| CVE-2020-9391 | unknown | — | — | — | An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory … | |||
| CVE-2020-36790 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number | |||
| CVE-2020-36788 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code b… | |||
| CVE-2020-6386 | unknown | — | — | — | Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-36787 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic Video engine uses eclk and vclk for its clock sources and its reset control is coupled wi… | |||
| CVE-2020-36785 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() The "s3a_buf" is freed along with all the other items on the … | |||
| CVE-2020-36783 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on retur… | |||
| CVE-2020-36784 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on retur… | |||
| CVE-2020-36782 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on ret… | |||
| CVE-2020-36781 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix reference leak when pm_runtime_get_sync fails In i2c_imx_xfer() and i2c_imx_remove(), the pm reference count is not… | |||
| CVE-2020-36779 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on retur… | |||
| CVE-2020-36780 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return i… | |||
| CVE-2020-13614 | unknown | — | — | — | An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. | |||
| CVE-2020-36773 | unknown | — | — | — | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one … | |||
| CVE-2020-18839 | unknown | — | — | — | Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. | |||
| CVE-2020-14402 | unknown | — | — | — | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | |||
| CVE-2020-36778 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return i… | |||
| CVE-2020-14396 | unknown | — | — | — | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | |||
| CVE-2020-12389 | unknown | — | — | — | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerab… | |||
| CVE-2020-6501 | unknown | — | — | — | Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2020-6492 | unknown | — | — | — | Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-6543 | unknown | — | — | — | Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6503 | unknown | — | — | — | Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2020-36766 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning lo… | |||
| CVE-2020-36313 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include… | |||
| CVE-2020-36311 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires … | |||
| CVE-2020-6532 | unknown | — | — | — | Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6542 | unknown | — | — | — | Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6567 | unknown | — | — | — | Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML pa… | |||
| CVE-2020-6538 | unknown | — | — | — | Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2020-6558 | unknown | — | — | — | Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2020-6546 | unknown | — | — | — | Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | |||
| CVE-2020-35519 | unknown | — | — | — | An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the sy… | |||
| CVE-2020-6547 | unknown | — | — | — | Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page. | |||
| CVE-2020-21890 | unknown | — | — | — | Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via openi… | |||
| CVE-2020-6419 | unknown | — | — | — | Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6550 | unknown | — | — | — | Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6555 | unknown | — | — | — | Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2020-35513 | unknown | — | — | — | A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if b… | |||
| CVE-2020-6551 | unknown | — | — | — | Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6561 | unknown | — | — | — | Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |