CVEs from 2020
Total
4,157
critical
critical 193
high
high 471
medium
medium 674
low
low 57
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-6520 | critical | — | 9.5 | — | Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6814 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co… | |
| CVE-2020-6793 | critical | — | 9.5 | — | When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. | |
| CVE-2020-26963 | critical | — | 9.5 | — | Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox … | |
| CVE-2020-15973 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6523 | critical | — | 9.5 | — | Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6401 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6531 | critical | — | 9.5 | — | Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2020-6396 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6392 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6457 | critical | — | 9.5 | — | arbitrary code execution in chromium | |
| CVE-2020-6398 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6072 | critical | — | 9.5 | — | An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return … | |
| CVE-2020-6380 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15988 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-26952 | critical | — | 9.5 | — | Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affect… | |
| CVE-2020-15991 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15992 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6800 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2020-6397 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6389 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15967 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-26969 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-6391 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6403 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6815 | critical | — | 9.5 | — | Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with eno… | |
| CVE-2020-16004 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-28038 | critical | — | 9.5 | — | WordPress before 5.5.2 allows stored XSS via post slugs. | |
| CVE-2020-6416 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-28034 | critical | — | 9.5 | — | WordPress before 5.5.2 allows XSS associated with global variables. | |
| CVE-2020-6801 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-6412 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6812 | critical | — | 9.5 | — | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate de… | |
| CVE-2020-15986 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6415 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15680 | critical | — | 9.5 | — | If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed a… | |
| CVE-2020-9759 | critical | — | 9.5 | — | A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker cou… | |
| CVE-2020-15981 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6534 | critical | — | 9.5 | — | Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-15978 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6408 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6414 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-11523 | critical | — | 9.5 | — | libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. | |
| CVE-2020-6378 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6381 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6390 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-26951 | critical | — | 9.5 | — | A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privilege… | |
| CVE-2020-6388 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-12387 | critical | — | 9.5 | — | A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Fire… | |
| CVE-2020-15970 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6393 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15990 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15968 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-16005 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6413 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15969 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6404 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-11986 | critical | — | 9.5 | — | To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project.… | |
| CVE-2020-26950 | critical | — | 9.5 | — | In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox … | |
| CVE-2020-6395 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-11524 | critical | — | 9.5 | — | libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | |
| CVE-2020-15681 | critical | — | 9.5 | — | When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potential… | |
| CVE-2020-6402 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6405 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15983 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6410 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15977 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6406 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-16008 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15682 | critical | — | 9.5 | — | When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an o… | |
| CVE-2020-28032 | critical | — | 9.5 | — | WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | |
| CVE-2020-6533 | critical | — | 9.5 | — | Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6409 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15982 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6521 | critical | — | 9.5 | — | Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2020-26965 | critical | — | 9.5 | — | Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remember… | |
| CVE-2020-6516 | critical | — | 9.5 | — | Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2020-6826 | critical | — | 9.5 | — | Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with eno… | |
| CVE-2020-6536 | critical | — | 9.5 | — | Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted… | |
| CVE-2020-15987 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6821 | critical | — | 9.5 | — | When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memor… | |
| CVE-2020-15980 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6399 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15984 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-35730 | high | — | 9.5 | 3y ago | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference el… | |
| CVE-2020-23256 | critical | — | 9.5 | 3y ago | electerm allows unauthorized users to execute arbitrary commands | |
| CVE-2020-26269 | critical | — | 9.5 | 4y ago | In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the direc… | |
| CVE-2020-6418 | high | — | 9.5 | 5y ago | multiple issues in chromium | |
| CVE-2020-13672 | critical | — | 9.5 | 5y ago | Drupal core Cross-site Scripting (XSS) vulnerability | |
| CVE-2020-26271 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge … | |
| CVE-2020-26270 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a q… | |
| CVE-2020-26268 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor i… | |
| CVE-2020-26267 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation o… | |
| CVE-2020-26266 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default … | |
| CVE-2020-16017 | high | — | 9.5 | 6y ago | Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2020-16013 | high | — | 9.5 | 6y ago | Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could… | |
| CVE-2020-15999 | high | — | 9.5 | 6y ago | Important: freetype security update | |
| CVE-2020-15254 | critical | — | 9.5 | 6y ago | Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as th… | |
| CVE-2020-37227 | high | 8.8 | 8.8 | 12d ago | HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can… | |
| CVE-2020-11113 | high | 8.8 | 8.8 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing |