LiveActive security incident?Get immediate response
CVE archive

January 2020

Browse CVE records published in January 2020, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1592 matching CVEs · Page 4 of 32.

High · CVSS 8.8

CVE-2020-36951: Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection

Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to extract sensitive database information through conditional sleep techniques.

Published Jan 27, 2026 · Updated Jan 27, 2026

High · CVSS 8.5

CVE-2020-36937: MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem privileges.

Published Jan 25, 2026 · Updated Jan 26, 2026

Medium · CVSS 6.1

CVE-2020-36924: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.

Published Jan 6, 2026 · Updated Jan 26, 2026

High · CVSS 8.5

CVE-2020-36935: KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path

KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges.

Published Jan 25, 2026 · Updated Jan 26, 2026

High · CVSS 8.5

CVE-2020-36934: Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path

Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.

Published Jan 25, 2026 · Updated Jan 26, 2026

Medium · CVSS 6.4

CVE-2020-36931: Click2Magic 1.1.5 - Stored Cross-Site Scripting

Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests.

Published Jan 25, 2026 · Updated Jan 26, 2026

High · CVSS 8.5

CVE-2020-36928: Brother BRAgent 1.38 - 'WBA_Agent_Client' Unquoted Service Path

Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.

Published Jan 15, 2026 · Updated Jan 16, 2026

High · CVSS 8.5

CVE-2020-36929: Brother BRPrint Auditor 3.0.7 - 'Multiple' Unquoted Service Path

Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.

Published Jan 15, 2026 · Updated Jan 16, 2026

High · CVSS 8.6

CVE-2020-36917: iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications.

Published Jan 6, 2026 · Updated Jan 15, 2026

Critical · CVSS 9.8 · CISA KEV

CVE-2020-2551: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Compon...

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Published Jan 15, 2020 · Updated Jan 12, 2026

High · CVSS 8.5

CVE-2020-36913: All-Dynamics Software enlogic:show 2.0.2 Session Fixation Authentication Bypass

All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentially execute cross-site request forgery attacks.

Published Jan 6, 2026 · Updated Jan 6, 2026

High · CVSS 8.7

CVE-2020-36915: Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

Published Jan 6, 2026 · Updated Jan 6, 2026

High · CVSS 8.8

CVE-2020-36920: iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.

Published Jan 6, 2026 · Updated Jan 6, 2026

Medium · CVSS 5.3

CVE-2020-36906: P5 FNIP-8x16A FNIP-4xSH 1.0.20 Cross-Site Request Forgery via User Management

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.

Published Jan 6, 2026 · Updated Jan 6, 2026

High · CVSS 8.6

CVE-2020-36914: QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner.

Published Jan 6, 2026 · Updated Jan 6, 2026

Critical · CVSS 9.8

CVE-2020-36925: Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.

Published Jan 6, 2026 · Updated Jan 6, 2026

Unknown · CVSS Not scored

CVE-2020-25687: A flaw was found in dnsmasq before version 2.83.

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Published Jan 20, 2021 · Updated Nov 4, 2025

Unknown · CVSS Not scored

CVE-2020-25686: A flaw was found in dnsmasq before version 2.83.

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

Published Jan 20, 2021 · Updated Nov 4, 2025

Unknown · CVSS Not scored

CVE-2020-25685: A flaw was found in dnsmasq before version 2.83.

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

Published Jan 20, 2021 · Updated Nov 4, 2025

Unknown · CVSS Not scored

CVE-2020-25684: A flaw was found in dnsmasq before version 2.83.

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

Published Jan 20, 2021 · Updated Nov 4, 2025

Unknown · CVSS Not scored

CVE-2020-25683: A flaw was found in dnsmasq before version 2.83.

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Published Jan 20, 2021 · Updated Nov 4, 2025

Unknown · CVSS Not scored

CVE-2020-25682: A flaw was found in dnsmasq before 2.83.

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published Jan 20, 2021 · Updated Nov 4, 2025

Unknown · CVSS Not scored

CVE-2020-25681: A flaw was found in dnsmasq before version 2.83.

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published Jan 20, 2021 · Updated Nov 4, 2025

High · CVSS 8.1 · CISA KEV

CVE-2020-0601: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptog...

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

Published Jan 14, 2020 · Updated Oct 21, 2025

Critical · CVSS 9.8 · CISA KEV

CVE-2020-2555: Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,In...

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Published Jan 15, 2020 · Updated Oct 21, 2025

Critical · CVSS 9.8 · CISA KEV

CVE-2020-7247: smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote...

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Published Jan 29, 2020 · Updated Oct 21, 2025

Critical · CVSS 9.1 · CISA KEV

CVE-2020-17519: Apache Flink directory traversal attack: reading remote files through the REST API

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.

Published Jan 5, 2021 · Updated Oct 21, 2025

Medium · CVSS 6.5

CVE-2020-27298: Philips Interventional Workstations OS Command Injection

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.

Published Jan 20, 2021 · Updated Jun 4, 2025