2020 Security Vulnerability Report
CVE Statistics for 2020
There were 18150 security vulnerabilities (CVEs) published in 2020. In 2019 there were 17562.
The average severity was 7.0 out of 10, which decreased by 0.2 from 2019.
The average severity was 7.0 out of 10, which decreased by 0.2 from 2019.
Products & Vendors with the most security vulnerabilities published in 2020 Vulnerabilities may exist in multiple products or vendors
By Product
By Vendor
By Weakness
#1
XSS
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1310
#2
Memory Corruption
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
515
#3
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
491
#4
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
487
#5
Information Disclosure
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
445
#6
Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.
357
#7
SQL Injection
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
304
#8
Shell injection
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
296
#9
Directory traversal
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
242
#10
Buffer Overflow
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
241
#11
Session Riding
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.
224
#12
authentification
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
202
#13
Dangling pointer
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
186
#14
Classic Buffer Overflow
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. The simplest type of error, and the most common cause of buffer overflows, is the "classic" case in which the program copies the buffer without restricting how much is copied. Other variants exist, but the existence of a classic overflow strongly suggests that the programmer is not considering even the most basic of security protections.
179
#15
AuthZ
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
175
#16
Resource Exhaustion
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
163
#17
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
148
#18
AuthZ
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
146
#19
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
144
#20
Unrestricted File Upload
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
143
#21
Injection
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. Software has certain assumptions about what constitutes data and control respectively. It is the lack of verification of these assumptions for user-controlled input that leads to injection problems. Injection problems encompass a wide variety of issues -- all mitigated in very different ways and usually attempted in order to alter the control flow of the process. For this reason, the most effective way to discuss these weaknesses is to note the distinct features which classify them as injection weaknesses. The most important issue to note is that all injection problems share one thing in common -- i.e., they allow for the injection of control plane data into the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, involve the use of some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities.
130
#22
Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
117
#23
Marshaling, Unmarshaling
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
108
#24
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
106
#25
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. When a resource is given a permissions setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data.
98
2020 Known Exploited Vulnerabilities
These vulnerabilities may be considered some of the most dangerous vulnerabilities of 2020, because they are both known to have been exploited and have a high severity score. In fact 5 vulnerabilities scored the highest possible CVSS base score, of 10.
10.0
WordPress File Manager Remote Code Execution Vulnerability
CVE-2020-25213 vulnerability in File Manager, disclosed on September 9, 2020
CVE-2020-25213 vulnerability in File Manager, disclosed on September 9, 2020
10.0
Oracle Solaris Pluggable Authentication Module vulnerability
CVE-2020-14871 vulnerability in Oracle Solaris, disclosed on October 21, 2020
CVE-2020-14871 vulnerability in Oracle Solaris, disclosed on October 21, 2020
10.0
Palo Alto PAN-OS Authentication Bypass Vulnerability
CVE-2020-2021 vulnerability in PAN-OS, disclosed on June 29, 2020
CVE-2020-2021 vulnerability in PAN-OS, disclosed on June 29, 2020
9.8
Apache Tomcat Improper Privilege Management Vulnerability
CVE-2020-1938 vulnerability in Tomcat, disclosed on February 24, 2020
CVE-2020-1938 vulnerability in Tomcat, disclosed on February 24, 2020
9.8
Oracle WebLogic Server Remote Code Execution Vulnerability
CVE-2020-14882 vulnerability in Oracle WebLogic Server, disclosed on October 21, 2020
CVE-2020-14882 vulnerability in Oracle WebLogic Server, disclosed on October 21, 2020
9.8
Oracle WebLogic Server Remote Code Execution Vulnerability
CVE-2020-14750 vulnerability in Oracle WebLogic Server, disclosed on November 2, 2020
CVE-2020-14750 vulnerability in Oracle WebLogic Server, disclosed on November 2, 2020
9.8
F5 BIG-IP Traffic Management User Interface Remote Code Execution Vulnerability
CVE-2020-5902 vulnerability in BIG-IP, disclosed on July 1, 2020
CVE-2020-5902 vulnerability in BIG-IP, disclosed on July 1, 2020
9.8
MobileIron Core, Connector, Sentry, and RDM Remote Code Execution Vulnerability
CVE-2020-15505 vulnerability in MobileIron Core & Connector, disclosed on July 7, 2020
CVE-2020-15505 vulnerability in MobileIron Core & Connector, disclosed on July 7, 2020
9.8
SaltStack Through 3002 Shell Injection Vulnerability
CVE-2020-16846 vulnerability in Salt, disclosed on November 6, 2020
CVE-2020-16846 vulnerability in Salt, disclosed on November 6, 2020
9.8
Apache Struts Forced OGNL Double Evaluation Remote Code Execution
CVE-2020-17530 vulnerability in Struts, disclosed on December 11, 2020
CVE-2020-17530 vulnerability in Struts, disclosed on December 11, 2020
9.8
Liferay Portal prior to 7.2.1 CE GA2 Remote Code Execution Vulnerability
CVE-2020-7961 vulnerability in Liferay Portal, disclosed on March 20, 2020
CVE-2020-7961 vulnerability in Liferay Portal, disclosed on March 20, 2020
9.8
SolarWinds Orion API Authentication Bypass Vulnerability
CVE-2020-10148 vulnerability in SolarWinds Orion Platform, disclosed on December 29, 2020
CVE-2020-10148 vulnerability in SolarWinds Orion Platform, disclosed on December 29, 2020
9.8
VMware vCenter Server Info Disclosure Vulnerability
CVE-2020-3952 vulnerability in vCenter Server, disclosed on April 10, 2020
CVE-2020-3952 vulnerability in vCenter Server, disclosed on April 10, 2020
9.8
DrayTek Vigor Router Vulnerability
CVE-2020-8515 vulnerability in Vigor Router(s), disclosed on February 1, 2020
CVE-2020-8515 vulnerability in Vigor Router(s), disclosed on February 1, 2020
9.8
ZyXEL Unified Security Gateway Undocumented Administrator Account with Default Credentials
CVE-2020-29583 vulnerability in Unified Security Gateway (USG), disclosed on December 22, 2020
CVE-2020-29583 vulnerability in Unified Security Gateway (USG), disclosed on December 22, 2020
9.8
Sophos SG UTM Remote Code Execution Vulnerability
CVE-2020-25223 vulnerability in SG UTM, disclosed on September 25, 2020
CVE-2020-25223 vulnerability in SG UTM, disclosed on September 25, 2020
9.8
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
CVE-2020-9054 vulnerability in Multiple Network-Attached Storage (NAS) Devices, disclosed on March 4, 2020
CVE-2020-9054 vulnerability in Multiple Network-Attached Storage (NAS) Devices, disclosed on March 4, 2020
9.8
SaltStack Salt Authentication Bypass
CVE-2020-11651 vulnerability in Salt, disclosed on April 30, 2020
CVE-2020-11651 vulnerability in Salt, disclosed on April 30, 2020
9.8
vBulletin PHP Module Remote Code Execution Vulnerability
CVE-2020-17496 vulnerability in vBulletin, disclosed on August 12, 2020
CVE-2020-17496 vulnerability in vBulletin, disclosed on August 12, 2020
9.8
OpenSMTPD Remote Code Execution Vulnerability
CVE-2020-7247 vulnerability in OpenSMTPD, disclosed on January 29, 2020
CVE-2020-7247 vulnerability in OpenSMTPD, disclosed on January 29, 2020
9.8
Apache Airflow's Experimental API Authentication Bypass
CVE-2020-13927 vulnerability in Airflow's Experimental API, disclosed on November 10, 2020
CVE-2020-13927 vulnerability in Airflow's Experimental API, disclosed on November 10, 2020
9.8
PlaySMS Remote Code Execution Vulnerability
CVE-2020-8644 vulnerability in PlaySMS, disclosed on February 5, 2020
CVE-2020-8644 vulnerability in PlaySMS, disclosed on February 5, 2020
9.8
Jan 2020:
CVE-2020-0646 vulnerability in Microsoft .NET Framework, disclosed on January 14, 2020
CVE-2020-0646 vulnerability in Microsoft .NET Framework, disclosed on January 14, 2020
9.8
Unraid 6.8.0 Remote Code Execution Vulnerability
CVE-2020-5847 vulnerability in Unraid, disclosed on March 16, 2020
CVE-2020-5847 vulnerability in Unraid, disclosed on March 16, 2020
9.8
Netgear ProSAFE Plus JGS516PE Remote Code Execution vulnerability
CVE-2020-26919 vulnerability in NETGEAR JGS516PE devices, disclosed on October 9, 2020
CVE-2020-26919 vulnerability in NETGEAR JGS516PE devices, disclosed on October 9, 2020
9.8
Tenda Router Code Execution
CVE-2020-10987 vulnerability in Tenda AC15 AC1900, disclosed on July 13, 2020
CVE-2020-10987 vulnerability in Tenda AC15 AC1900, disclosed on July 13, 2020
9.8
Oracle WebLogic Server Remote Code Execution Vulnerability
CVE-2020-14644 vulnerability in WebLogic Server, disclosed on July 15, 2020
CVE-2020-14644 vulnerability in WebLogic Server, disclosed on July 15, 2020
9.8
Roundcube Webmail Remote Code Execution Vulnerability
CVE-2020-12641 vulnerability in Roundcube Webmail, disclosed on May 4, 2020
CVE-2020-12641 vulnerability in Roundcube Webmail, disclosed on May 4, 2020
9.8
DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
CVE-2020-15415 vulnerability in Multiple Vigor Routers, disclosed on June 30, 2020
CVE-2020-15415 vulnerability in Multiple Vigor Routers, disclosed on June 30, 2020
9.8
Grandstream Networks UCM6200 Series SQL Injection Vulnerability
CVE-2020-5722 vulnerability in UCM6200, disclosed on March 23, 2020
CVE-2020-5722 vulnerability in UCM6200, disclosed on March 23, 2020
9.8
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
CVE-2020-7796 vulnerability in Zimbra Collaboration Suite, disclosed on February 18, 2020
CVE-2020-7796 vulnerability in Zimbra Collaboration Suite, disclosed on February 18, 2020
9.8
OpenSLP as used in VMware ESXi
CVE-2020-3992 vulnerability in ESXi, disclosed on October 20, 2020
CVE-2020-3992 vulnerability in ESXi, disclosed on October 20, 2020
9.8
EyesOfNetwork 5.3 Insufficient Credential Protection
CVE-2020-8657 vulnerability in EyesOfNetwork, disclosed on February 6, 2020
CVE-2020-8657 vulnerability in EyesOfNetwork, disclosed on February 6, 2020
9.8
Sophos XG Firewall Buffer Overflow Vulnerability
CVE-2020-15069 vulnerability in XG Firewall, disclosed on June 29, 2020
CVE-2020-15069 vulnerability in XG Firewall, disclosed on June 29, 2020
9.8
Trend Micro Apex One and OfficeScan XG Vulnerability
CVE-2020-8599 vulnerability in Trend Micro Apex One and OfficeScan XG server, disclosed on March 18, 2020
CVE-2020-8599 vulnerability in Trend Micro Apex One and OfficeScan XG server, disclosed on March 18, 2020
9.8
QNAP NAS File Station Command Injection Vulnerability
CVE-2018-19949 vulnerability in Network Attached Storage (NAS), disclosed on October 28, 2020
CVE-2018-19949 vulnerability in Network Attached Storage (NAS), disclosed on October 28, 2020
9.8
Fortinet FortiOS SSL VPN 2FA Authentication Vulnerability
CVE-2020-12812 vulnerability in FortiOS, disclosed on July 24, 2020
CVE-2020-12812 vulnerability in FortiOS, disclosed on July 24, 2020
9.8
SonicWall SonicOS Buffer Overflow Vulnerability
CVE-2020-5135 vulnerability in SonicOS, disclosed on October 12, 2020
CVE-2020-5135 vulnerability in SonicOS, disclosed on October 12, 2020
9.8
Sumavision EMR 3.0 CSRF Vulnerability
CVE-2020-10181 vulnerability in Sumavision Enhanced Multimedia Router (EMR), disclosed on March 11, 2020
CVE-2020-10181 vulnerability in Sumavision Enhanced Multimedia Router (EMR), disclosed on March 11, 2020
9.8
Fuel CMS SQL Injection Vulnerability
CVE-2020-17463 vulnerability in , disclosed on August 13, 2020
CVE-2020-17463 vulnerability in , disclosed on August 13, 2020
9.8
CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2020-29574 vulnerability in CyberoamOS, disclosed on December 11, 2020
CVE-2020-29574 vulnerability in CyberoamOS, disclosed on December 11, 2020
9.6
Google Chrome FreeType Memory Corruption
CVE-2020-15999 vulnerability in Chrome, disclosed on November 3, 2020
CVE-2020-15999 vulnerability in Chrome, disclosed on November 3, 2020
9.6
Google Chrome for Android Heap Overflow Vulnerability
CVE-2020-16010 vulnerability in Chrome for Android, disclosed on November 3, 2020
CVE-2020-16010 vulnerability in Chrome for Android, disclosed on November 3, 2020
9.1
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Comm
CVE-2020-4006 vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector, disclosed on November 23, 2020
CVE-2020-4006 vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector, disclosed on November 23, 2020
8.8
Feb 2020:
CVE-2020-0688 vulnerability in Microsoft Exchange Server, disclosed on February 11, 2020
CVE-2020-0688 vulnerability in Microsoft Exchange Server, disclosed on February 11, 2020
8.8
Nexus Repository Manager 3 Remote Code Execution Vulnerability
CVE-2020-10199 vulnerability in Sonatype Nexus Repository, disclosed on April 1, 2020
CVE-2020-10199 vulnerability in Sonatype Nexus Repository, disclosed on April 1, 2020
8.8
Apache Airflow Command Injection
CVE-2020-11978 vulnerability in Airflow, disclosed on July 17, 2020
CVE-2020-11978 vulnerability in Airflow, disclosed on July 17, 2020
8.8
Apache Kylin OS Command Injection Vulnerability
CVE-2020-1956 vulnerability in Kylin, disclosed on May 22, 2020
CVE-2020-1956 vulnerability in Kylin, disclosed on May 22, 2020
8.8
rConfig Remote Code Execution Vulnerability
CVE-2020-10221 vulnerability in rConfig, disclosed on March 8, 2020
CVE-2020-10221 vulnerability in rConfig, disclosed on March 8, 2020
8.8
Chromium V8 Type Confusion Vulnerability
CVE-2020-6418 vulnerability in Chromium V8 Engine, disclosed on February 27, 2020
CVE-2020-6418 vulnerability in Chromium V8 Engine, disclosed on February 27, 2020
8.8
Apr 2020:
CVE-2020-1020 vulnerability in Windows, Windows Adobe Type Manager Library, disclosed on April 15, 2020
CVE-2020-1020 vulnerability in Windows, Windows Adobe Type Manager Library, disclosed on April 15, 2020
8.8
Chromium V8 Implementation Vulnerability
CVE-2020-16009 vulnerability in Chromium V8 Engine, disclosed on November 3, 2020
CVE-2020-16009 vulnerability in Chromium V8 Engine, disclosed on November 3, 2020
8.8
D-Link DIR-610 Devices Remote Command Execution
CVE-2020-9377 vulnerability in DIR-610 Devices, disclosed on July 9, 2020
CVE-2020-9377 vulnerability in DIR-610 Devices, disclosed on July 9, 2020
8.8
Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability
CVE-2019-17026 vulnerability in IonMonkey JIT compiler, disclosed on March 2, 2020
CVE-2019-17026 vulnerability in IonMonkey JIT compiler, disclosed on March 2, 2020
8.8
Amcrest Camera and NVR Buffer Overflow Vulnerability
CVE-2020-5735 vulnerability in Cameras and Network Video Recorder (NVR), disclosed on April 8, 2020
CVE-2020-5735 vulnerability in Cameras and Network Video Recorder (NVR), disclosed on April 8, 2020
8.8
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
CVE-2020-25079 vulnerability in DCS-2530L and DCS-2670L Devices, disclosed on September 2, 2020
CVE-2020-25079 vulnerability in DCS-2530L and DCS-2670L Devices, disclosed on September 2, 2020
8.8
Trend Micro Apex One (2019) and OfficeScan XG migration tool remote code execution vulnerability
CVE-2020-8467 vulnerability in Trend Micro Apex One and OfficeScan XG, disclosed on March 18, 2020
CVE-2020-8467 vulnerability in Trend Micro Apex One and OfficeScan XG, disclosed on March 18, 2020
8.8
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agent c
CVE-2020-8468 vulnerability in Trend Micro Apex One, OfficeScan XG and Worry-Free Business Security, disclosed on March 18, 2020
CVE-2020-8468 vulnerability in Trend Micro Apex One, OfficeScan XG and Worry-Free Business Security, disclosed on March 18, 2020
8.8
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
CVE-2020-24363 vulnerability in TL-WA855RE, disclosed on August 31, 2020
CVE-2020-24363 vulnerability in TL-WA855RE, disclosed on August 31, 2020
8.8
Juniper Junos OS Path Traversal Vulnerability
CVE-2020-1631 vulnerability in Junos OS, disclosed on May 4, 2020
CVE-2020-1631 vulnerability in Junos OS, disclosed on May 4, 2020
8.8
Drupal core Un-restricted Upload of File
CVE-2020-13671 vulnerability in Drupal core, disclosed on November 20, 2020
CVE-2020-13671 vulnerability in Drupal core, disclosed on November 20, 2020
8.8
Apple iOS Mail OOB Vulnerability
CVE-2020-9818 vulnerability in iOS Mail, disclosed on June 9, 2020
CVE-2020-9818 vulnerability in iOS Mail, disclosed on June 9, 2020
8.6
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
CVE-2020-3569 vulnerability in IOS XR, disclosed on September 23, 2020
CVE-2020-3569 vulnerability in IOS XR, disclosed on September 23, 2020
8.6
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
CVE-2020-3566 vulnerability in IOS XR, disclosed on August 29, 2020
CVE-2020-3566 vulnerability in IOS XR, disclosed on August 29, 2020
8.4
Dec 2020: Microsoft Exchange Remote Code Execution Vulnerability
CVE-2020-17144 vulnerability in Microsoft Exchange Server, disclosed on December 10, 2020
CVE-2020-17144 vulnerability in Microsoft Exchange Server, disclosed on December 10, 2020
8.2
WhatsApp Cross-Site Scripting Vulnerability
CVE-2019-18426 vulnerability in WhatsApp, disclosed on January 21, 2020
CVE-2019-18426 vulnerability in WhatsApp, disclosed on January 21, 2020
8.1
Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability
CVE-2020-6820 vulnerability in ReadableStream, disclosed on April 24, 2020
CVE-2020-6820 vulnerability in ReadableStream, disclosed on April 24, 2020
8.1
Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability
CVE-2020-6819 vulnerability in nsDocShell destructor, disclosed on April 24, 2020
CVE-2020-6819 vulnerability in nsDocShell destructor, disclosed on April 24, 2020
8.0
QNAP NAS File Station Cross-Site Scripting Vulnerability
CVE-2018-19943 vulnerability in Network Attached Storage (NAS), disclosed on October 28, 2020
CVE-2018-19943 vulnerability in Network Attached Storage (NAS), disclosed on October 28, 2020
7.8
Jul 2020:
CVE-2020-1147 vulnerability in Microsoft .NET Framework, Microsoft SharePoint, Visual Studio, disclosed on July 14, 2020
CVE-2020-1147 vulnerability in Microsoft .NET Framework, Microsoft SharePoint, Visual Studio, disclosed on July 14, 2020
7.8
PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
CVE-2020-28949 vulnerability in Archive_Tar, disclosed on November 19, 2020
CVE-2020-28949 vulnerability in Archive_Tar, disclosed on November 19, 2020
7.8
Aug 2020: Scripting Engine Memory Corruption Vulnerability
CVE-2020-1380 vulnerability in Internet Explorer, disclosed on August 17, 2020
CVE-2020-1380 vulnerability in Internet Explorer, disclosed on August 17, 2020
7.8
D-Link DWL-2600AP Access Point Command Injection Vulnerability
CVE-2019-20500 vulnerability in DWL-2600AP Access Point, disclosed on March 5, 2020
CVE-2019-20500 vulnerability in DWL-2600AP Access Point, disclosed on March 5, 2020
7.8
EyesOfNetwork 5.3 Privilege Escalation Vulnerability
CVE-2020-8655 vulnerability in EyesOfNetwork, disclosed on February 7, 2020
CVE-2020-8655 vulnerability in EyesOfNetwork, disclosed on February 7, 2020
7.8
Apr 2020:
CVE-2020-0938 vulnerability in Windows, Windows Adobe Type Manager Library, disclosed on April 15, 2020
CVE-2020-0938 vulnerability in Windows, Windows Adobe Type Manager Library, disclosed on April 15, 2020
7.8
Adobe Acrobat Use-After-Free Vulnerability
CVE-2020-9715 vulnerability in Acrobat, disclosed on August 19, 2020
CVE-2020-9715 vulnerability in Acrobat, disclosed on August 19, 2020
7.8
Apple iOS and macOS FontParser Remote Code Execution Vulnerability
CVE-2020-27930 vulnerability in iOS and macOS, disclosed on December 8, 2020
CVE-2020-27930 vulnerability in iOS and macOS, disclosed on December 8, 2020
7.8
Android "AbstractEmu" Root Access Vulnerabilities
CVE-2020-0041 vulnerability in Android OS, disclosed on March 10, 2020
CVE-2020-0041 vulnerability in Android OS, disclosed on March 10, 2020
7.8
Nov 2020: Windows Kernel Local Elevation of Privilege Vulnerability
CVE-2020-17087 vulnerability in Windows, disclosed on November 11, 2020
CVE-2020-17087 vulnerability in Windows, disclosed on November 11, 2020
7.8
VMware Privilege escalation vulnerability
CVE-2020-3950 vulnerability in VMware Fusion, VMware Remote Console for Mac, and Horizon Client for Mac, disclosed on March 17, 2020
CVE-2020-3950 vulnerability in VMware Fusion, VMware Remote Console for Mac, and Horizon Client for Mac, disclosed on March 17, 2020
7.8
Apple iOS and macOS Kernel Type Confusion Vulnerability
CVE-2020-27932 vulnerability in iOS and macOS, disclosed on December 8, 2020
CVE-2020-27932 vulnerability in iOS and macOS, disclosed on December 8, 2020
7.8
Aug 2020: Windows Spoofing Vulnerability
CVE-2020-1464 vulnerability in Windows, disclosed on August 17, 2020
CVE-2020-1464 vulnerability in Windows, disclosed on August 17, 2020
7.8
Apple Multiple Products Memory Corruption Vulnerability
CVE-2020-3837 vulnerability in Multiple Products, disclosed on February 27, 2020
CVE-2020-3837 vulnerability in Multiple Products, disclosed on February 27, 2020
7.8
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
CVE-2020-3433 vulnerability in AnyConnect Secure, disclosed on August 17, 2020
CVE-2020-3433 vulnerability in AnyConnect Secure, disclosed on August 17, 2020
7.8
Trend Micro Apex One and OfficeScan XG Improper Access Control Privilege Escalation Vulnerability
CVE-2020-24557 vulnerability in Trend Micro Apex One and Worry-Free Business Security, disclosed on September 1, 2020
CVE-2020-24557 vulnerability in Trend Micro Apex One and Worry-Free Business Security, disclosed on September 1, 2020
7.8
Jan 2020:
CVE-2020-0638 vulnerability in Update Notification Manager, disclosed on January 14, 2020
CVE-2020-0638 vulnerability in Update Notification Manager, disclosed on January 14, 2020
7.8
Android "AbstractEmu" Root Access Vulnerabilities
CVE-2020-0069 vulnerability in Android OS, disclosed on March 10, 2020
CVE-2020-0069 vulnerability in Android OS, disclosed on March 10, 2020
7.8
Apple Multiple Products Memory Corruption Vulnerability
CVE-2020-9907 vulnerability in Multiple Products, disclosed on October 16, 2020
CVE-2020-9907 vulnerability in Multiple Products, disclosed on October 16, 2020
7.8
Apple 11-13.5 XNU Kernel Vulnerability
CVE-2020-9859 vulnerability in iOS and iPadOS, disclosed on June 5, 2020
CVE-2020-9859 vulnerability in iOS and iPadOS, disclosed on June 5, 2020
7.5
Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive
CVE-2020-3452 vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), disclosed on July 22, 2020
CVE-2020-3452 vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), disclosed on July 22, 2020
Report Last Updated: June 3, 2026