CVEs from 2020
Total
4,156
critical
critical 193
high
high 470
medium
medium 674
low
low 57
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-15986 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-12396 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2020-15984 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6382 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6389 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6522 | critical | — | 9.5 | — | Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2020-6517 | critical | — | 9.5 | — | Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-11647 | critical | — | 9.5 | — | In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. | |
| CVE-2020-15983 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-25125 | critical | — | 9.5 | — | GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD pre… | |
| CVE-2020-16006 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6079 | critical | — | 9.5 | — | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is … | |
| CVE-2020-6411 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-9760 | critical | — | 9.5 | — | An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a… | |
| CVE-2020-6515 | critical | — | 9.5 | — | Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-15978 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6080 | critical | — | 9.5 | — | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is … | |
| CVE-2020-6796 | critical | — | 9.5 | — | A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially … | |
| CVE-2020-6513 | critical | — | 9.5 | — | Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2020-6512 | critical | — | 9.5 | — | Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-26969 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-6519 | critical | — | 9.5 | — | Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |
| CVE-2020-16005 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15989 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6394 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15982 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15992 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-16008 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6808 | critical | — | 9.5 | — | When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by… | |
| CVE-2020-6390 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-16004 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6378 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-28032 | critical | — | 9.5 | — | WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | |
| CVE-2020-15985 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6815 | critical | — | 9.5 | — | Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with eno… | |
| CVE-2020-6395 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6521 | critical | — | 9.5 | — | Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2020-15684 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-6403 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15988 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6412 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6520 | critical | — | 9.5 | — | Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6813 | critical | — | 9.5 | — | When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Co… | |
| CVE-2020-6415 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-8794 | critical | — | 9.5 | — | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTP… | |
| CVE-2020-12391 | critical | — | 9.5 | — | Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opa… | |
| CVE-2020-6397 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6826 | critical | — | 9.5 | — | Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with eno… | |
| CVE-2020-6413 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6408 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6814 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co… | |
| CVE-2020-6792 | critical | — | 9.5 | — | When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. | |
| CVE-2020-15976 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6405 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6393 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6398 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6392 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-26953 | critical | — | 9.5 | — | It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerabilit… | |
| CVE-2020-28034 | critical | — | 9.5 | — | WordPress before 5.5.2 allows XSS associated with global variables. | |
| CVE-2020-6385 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6416 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6825 | critical | — | 9.5 | — | Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corrupti… | |
| CVE-2020-26952 | critical | — | 9.5 | — | Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affect… | |
| CVE-2020-6821 | critical | — | 9.5 | — | When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memor… | |
| CVE-2020-11521 | critical | — | 9.5 | — | libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | |
| CVE-2020-6527 | critical | — | 9.5 | — | Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |
| CVE-2020-6525 | critical | — | 9.5 | — | Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6457 | critical | — | 9.5 | — | arbitrary code execution in chromium | |
| CVE-2020-6401 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6406 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6823 | critical | — | 9.5 | — | A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the us… | |
| CVE-2020-6809 | critical | — | 9.5 | — | When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firef… | |
| CVE-2020-6399 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6071 | critical | — | 9.5 | — | An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression poi… | |
| CVE-2020-6396 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-11100 | critical | — | 9.5 | — | In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2… | |
| CVE-2020-6516 | critical | — | 9.5 | — | Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2020-6404 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6409 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-26950 | critical | — | 9.5 | — | In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox … | |
| CVE-2020-12394 | critical | — | 9.5 | — | A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulne… | |
| CVE-2020-6410 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6534 | critical | — | 9.5 | — | Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-28037 | critical | — | 9.5 | — | is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, lea… | |
| CVE-2020-35730 | high | — | 9.5 | 3y ago | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference el… | |
| CVE-2020-23256 | critical | — | 9.5 | 3y ago | electerm allows unauthorized users to execute arbitrary commands | |
| CVE-2020-26269 | critical | — | 9.5 | 4y ago | In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the direc… | |
| CVE-2020-6418 | high | — | 9.5 | 5y ago | multiple issues in chromium | |
| CVE-2020-13672 | critical | — | 9.5 | 5y ago | Drupal core Cross-site Scripting (XSS) vulnerability | |
| CVE-2020-26271 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge … | |
| CVE-2020-26270 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a q… | |
| CVE-2020-26268 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor i… | |
| CVE-2020-26267 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation o… | |
| CVE-2020-26266 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default … | |
| CVE-2020-16017 | high | — | 9.5 | 6y ago | Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2020-16013 | high | — | 9.5 | 6y ago | Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could… | |
| CVE-2020-15999 | high | — | 9.5 | 6y ago | Important: freetype security update | |
| CVE-2020-15254 | critical | — | 9.5 | 6y ago | Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as th… | |
| CVE-2020-37227 | high | 8.8 | 8.8 | 12d ago | HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can… | |
| CVE-2020-11113 | high | 8.8 | 8.8 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing |