CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-9553 Adobe Bridge versions 10.0.1 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 3.3 | LOW | — | 0 |
| CVE-2020-9557 Adobe Bridge versions 10.0.1 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-9558 Adobe Bridge versions 10.0.1 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 3.3 | LOW | — | 0 |
| CVE-2020-9570 Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 7.8 | HIGH | — | 0 |
| CVE-2020-9571 Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 7.8 | HIGH | — | 0 |
| CVE-2020-9572 Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 7.8 | HIGH | — | 0 |
| CVE-2020-9573 Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 7.8 | HIGH | — | 0 |
| CVE-2020-9574 Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 7.8 | HIGH | — | 0 |
| CVE-2020-9576 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9577 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-9578 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9579 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9580 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9581 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-9582 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9583 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9584 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-9585 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation coul... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9587 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to poten... | 7.5 | HIGH | — | 0 |
| CVE-2020-9588 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead... | 7.2 | HIGH | — | 0 |
| CVE-2020-9591 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation coul... | 7.5 | HIGH | — | 0 |
| CVE-2020-9625 Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 7.5 | HIGH | — | 0 |
| CVE-2020-9627 Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 7.5 | HIGH | — | 0 |
| CVE-2020-9628 Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 7.5 | HIGH | — | 0 |
| CVE-2020-11994 Server-Side Template Injection and arbitrary file disclosure on Camel templating components | 7.5 | HIGH | — | 0 |
| CVE-2020-5839 Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data... | 7.5 | HIGH | — | 0 |
| CVE-2020-6938 A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. | 7.5 | HIGH | — | 0 |
| CVE-2019-19415 The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affect... | 7.5 | HIGH | — | 0 |
| CVE-2019-19416 The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affect... | 7.5 | HIGH | — | 0 |
| CVE-2019-19417 The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affect... | 7.5 | HIGH | — | 0 |
| CVE-2020-1982 Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the ... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-2030 An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 v... | 7.2 | HIGH | — | 0 |
| CVE-2020-2031 An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the ... | 4.9 | MEDIUM | — | 0 |
| CVE-2020-2034 An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires so... | 8.1 | HIGH | — | 0 |
| CVE-2020-15072 An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. | 8.8 | HIGH | — | 0 |
| CVE-2020-15073 An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists sec... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-5974 NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privilege... | 7.8 | HIGH | — | 0 |
| CVE-2020-5604 Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of Jav... | 8.1 | HIGH | — | 0 |
| CVE-2020-9376 D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the m... | 7.5 | HIGH | — | 0 |
| CVE-2020-12424 When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; ... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-5366 Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulat... | 7.1 | HIGH | — | 0 |
| CVE-2020-7457 In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socke... | 8.1 | HIGH | — | 0 |
| CVE-2020-7458 In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end o... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7692 PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee... | 7.4 | HIGH | — | 0 |
| CVE-2020-7693 Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-12398 If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent w... | 7.5 | HIGH | — | 0 |
| CVE-2020-12399 NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefo... | 4.4 | MEDIUM | — | 0 |
| CVE-2020-12402 During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perfor... | 4.4 | MEDIUM | — | 0 |
| CVE-2020-12404 For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerab... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-15700 An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability. | 6.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.