CVEs from 2020
Total
4,781
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.0%
% with KEV
3.1%
% with exploit
3.1%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-12387 | critical | — | 9.5 | — | A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Fire… | |
| CVE-2020-6825 | critical | — | 9.5 | — | Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corrupti… | |
| CVE-2020-6397 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-28039 | critical | — | 9.5 | — | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | |
| CVE-2020-16007 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-16006 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6389 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6404 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6391 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6530 | critical | — | 9.5 | — | Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption … | |
| CVE-2020-6380 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-12390 | critical | — | 9.5 | — | Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. | |
| CVE-2020-28034 | critical | — | 9.5 | — | WordPress before 5.5.2 allows XSS associated with global variables. | |
| CVE-2020-28040 | critical | — | 9.5 | — | WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | |
| CVE-2020-26961 | critical | — | 9.5 | — | When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped… | |
| CVE-2020-6392 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6525 | critical | — | 9.5 | — | Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6382 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6080 | critical | — | 9.5 | — | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is … | |
| CVE-2020-6393 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6381 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-26969 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-6403 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6408 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6815 | critical | — | 9.5 | — | Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with eno… | |
| CVE-2020-6810 | critical | — | 9.5 | — | After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the brow… | |
| CVE-2020-6824 | critical | — | 9.5 | — | Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Priv… | |
| CVE-2020-12392 | critical | — | 9.5 | — | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and past… | |
| CVE-2020-6405 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6410 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6406 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6798 | critical | — | 9.5 | — | If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly… | |
| CVE-2020-6527 | critical | — | 9.5 | — | Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |
| CVE-2020-6412 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6409 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6415 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6400 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15979 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-11986 | critical | — | 9.5 | — | To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project.… | |
| CVE-2020-6395 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6794 | critical | — | 9.5 | — | If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was no… | |
| CVE-2020-6413 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6416 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6414 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6398 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6792 | critical | — | 9.5 | — | When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. | |
| CVE-2020-6402 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15967 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15968 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-8794 | critical | — | 9.5 | — | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTP… | |
| CVE-2020-6387 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6826 | critical | — | 9.5 | — | Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with eno… | |
| CVE-2020-6401 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6812 | critical | — | 9.5 | — | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate de… | |
| CVE-2020-15969 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6823 | critical | — | 9.5 | — | A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the us… | |
| CVE-2020-15970 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6808 | critical | — | 9.5 | — | When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by… | |
| CVE-2020-15987 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6388 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15983 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-28032 | critical | — | 9.5 | — | WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | |
| CVE-2020-6516 | critical | — | 9.5 | — | Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2020-26958 | critical | — | 9.5 | — | Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerabili… | |
| CVE-2020-6378 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-12395 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2020-15973 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6811 | critical | — | 9.5 | — | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted … | |
| CVE-2020-15982 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15984 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-26950 | critical | — | 9.5 | — | In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox … | |
| CVE-2020-6396 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15988 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-16008 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-16005 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-16004 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15990 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15992 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15991 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15986 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15977 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15981 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15980 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6399 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-23256 | critical | — | 9.5 | 3y ago | electerm allows unauthorized users to execute arbitrary commands | |
| CVE-2020-26269 | critical | — | 9.5 | 4y ago | In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the direc… | |
| CVE-2020-13672 | critical | — | 9.5 | 5y ago | Drupal core Cross-site Scripting (XSS) vulnerability | |
| CVE-2020-26271 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge … | |
| CVE-2020-26270 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a q… | |
| CVE-2020-26268 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor i… | |
| CVE-2020-26267 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation o… | |
| CVE-2020-26266 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default … | |
| CVE-2020-15254 | critical | — | 9.5 | 6y ago | Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as th… | |
| CVE-2020-1472 | medium | — | 7.0 | 5y ago | Moderate: samba security, bug fix, and enhancement update | |
| CVE-2020-36193 | medium | — | 7.0 | 5y ago | Moderate: php:7.4 security update | |
| CVE-2020-28949 | medium | — | 7.0 | 6y ago | Moderate: php:7.4 security update | |
| CVE-2020-1938 | medium | — | 7.0 | 6y ago | Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploit… | |
| CVE-2020-11023 | medium | — | 7.0 | 6y ago | Moderate: doxygen security update | |
| CVE-2020-37240 | medium | 6.4 | 6.4 | 12d ago | Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can ins… | |
| CVE-2020-37238 | medium | 6.4 | 6.4 | 12d ago | CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers… |