CVEs from 2020
Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-15166 | high | — | 8.0 | — | In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con… | |
| CVE-2020-6495 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16035 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15676 | high | — | 8.0 | — | Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… | |
| CVE-2020-12405 | high | — | 8.0 | — | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and… | |
| CVE-2020-6474 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-10188 | high | — | 8.0 | — | utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem … | |
| CVE-2020-15995 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-26976 | high | — | 8.0 | — | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … | |
| CVE-2020-10957 | high | — | 8.0 | — | In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. | |
| CVE-2020-35176 | high | — | 8.0 | — | In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… | |
| CVE-2020-3123 | high | — | 8.0 | — | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … | |
| CVE-2020-15675 | high | — | 8.0 | — | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | |
| CVE-2020-6464 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6831 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-15674 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-16150 | high | — | 8.0 | — | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … | |
| CVE-2020-6481 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15963 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-25684 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… | |
| CVE-2020-26974 | high | — | 8.0 | — | When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a poten… | |
| CVE-2020-16029 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15238 | high | — | 8.0 | — | Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe… | |
| CVE-2020-11008 | high | — | 8.0 | — | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q… | |
| CVE-2020-25687 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a rem… | |
| CVE-2020-28011 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. | |
| CVE-2020-13112 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | |
| CVE-2020-6493 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6486 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6467 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6573 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12408 | high | — | 8.0 | — | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | |
| CVE-2020-15961 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6491 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28015 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. | |
| CVE-2020-14303 | high | — | 8.0 | — | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | |
| CVE-2020-6476 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28023 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. | |
| CVE-2020-28012 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. | |
| CVE-2020-6484 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28018 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. | |
| CVE-2020-28010 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). | |
| CVE-2020-6480 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-25685 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only u… | |
| CVE-2020-6448 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6459 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-0556 | high | — | 8.0 | — | Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access | |
| CVE-2020-28020 | high | — | 8.0 | — | Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header… | |
| CVE-2020-15964 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6447 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6460 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16020 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6440 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6479 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6485 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-13871 | high | — | 8.0 | — | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | |
| CVE-2020-15677 | high | — | 8.0 | — | By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open red… | |
| CVE-2020-6446 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6469 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6487 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6468 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28008 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… | |
| CVE-2020-15685 | high | — | 8.0 | — | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | |
| CVE-2020-10745 | high | — | 8.0 | — | A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server… | |
| CVE-2020-28021 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code executi… | |
| CVE-2020-6463 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6488 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-26973 | high | — | 8.0 | — | Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird … | |
| CVE-2020-6483 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15965 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12662 | high | — | 8.0 | — | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | |
| CVE-2020-6434 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6445 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6465 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28017 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… | |
| CVE-2020-12410 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2020-6475 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16012 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-35733 | high | — | 8.0 | — | certificate verification bypass in erlang | |
| CVE-2020-6461 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-26972 | high | — | 8.0 | — | The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check w… | |
| CVE-2020-1716 | high | — | 8.0 | — | Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update | |
| CVE-2020-6470 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-35113 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2020-6437 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16015 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28022 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. | |
| CVE-2020-16021 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16018 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6574 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6490 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28025 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might le… | |
| CVE-2020-6471 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6444 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15652 | high | — | 8.0 | — | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulne… | |
| CVE-2020-10730 | high | — | 8.0 | — | A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped wit… | |
| CVE-2020-35680 | high | — | 8.0 | — | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of cl… | |
| CVE-2020-15966 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-35114 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-28014 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. |