CVEs from 2020
Total
4,634
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.2%
% with KEV
3.2%
% with exploit
3.2%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-6392 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-28034 | critical | — | 9.5 | — | WordPress before 5.5.2 allows XSS associated with global variables. | |
| CVE-2020-6080 | critical | — | 9.5 | — | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is … | |
| CVE-2020-6071 | critical | — | 9.5 | — | An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression poi… | |
| CVE-2020-6391 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-11986 | critical | — | 9.5 | — | To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project.… | |
| CVE-2020-6519 | critical | — | 9.5 | — | Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |
| CVE-2020-15967 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6534 | critical | — | 9.5 | — | Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6388 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6381 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15992 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6402 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6792 | critical | — | 9.5 | — | When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. | |
| CVE-2020-6380 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6414 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6378 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-8794 | critical | — | 9.5 | — | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTP… | |
| CVE-2020-6416 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6520 | critical | — | 9.5 | — | Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-15991 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6533 | critical | — | 9.5 | — | Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6413 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6411 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-25125 | critical | — | 9.5 | — | GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD pre… | |
| CVE-2020-6400 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15986 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6826 | critical | — | 9.5 | — | Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with eno… | |
| CVE-2020-6525 | critical | — | 9.5 | — | Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6415 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-8955 | critical | — | 9.5 | — | irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified othe… | |
| CVE-2020-9760 | critical | — | 9.5 | — | An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a… | |
| CVE-2020-6073 | critical | — | 9.5 | — | An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple… | |
| CVE-2020-6409 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15684 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-6412 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6536 | critical | — | 9.5 | — | Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted… | |
| CVE-2020-6526 | critical | — | 9.5 | — | Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2020-6528 | critical | — | 9.5 | — | Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2020-15975 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15972 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15971 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6805 | critical | — | 9.5 | — | When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbi… | |
| CVE-2020-6410 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15980 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6379 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6796 | critical | — | 9.5 | — | A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially … | |
| CVE-2020-6405 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6794 | critical | — | 9.5 | — | If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was no… | |
| CVE-2020-26950 | critical | — | 9.5 | — | In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox … | |
| CVE-2020-6814 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co… | |
| CVE-2020-6557 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-16008 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6518 | critical | — | 9.5 | — | Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a craft… | |
| CVE-2020-6511 | critical | — | 9.5 | — | Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2020-6512 | critical | — | 9.5 | — | Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6510 | critical | — | 9.5 | — | Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6515 | critical | — | 9.5 | — | Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6517 | critical | — | 9.5 | — | Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6522 | critical | — | 9.5 | — | Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2020-15984 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6535 | critical | — | 9.5 | — | Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a … | |
| CVE-2020-6404 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6795 | critical | — | 9.5 | — | When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects … | |
| CVE-2020-6385 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15978 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-6521 | critical | — | 9.5 | — | Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2020-12390 | critical | — | 9.5 | — | Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. | |
| CVE-2020-28033 | critical | — | 9.5 | — | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | |
| CVE-2020-15682 | critical | — | 9.5 | — | When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an o… | |
| CVE-2020-6397 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-28039 | critical | — | 9.5 | — | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | |
| CVE-2020-6513 | critical | — | 9.5 | — | Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2020-26965 | critical | — | 9.5 | — | Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remember… | |
| CVE-2020-6401 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15987 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-15982 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-12387 | critical | — | 9.5 | — | A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Fire… | |
| CVE-2020-6399 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-12391 | critical | — | 9.5 | — | Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opa… | |
| CVE-2020-28035 | critical | — | 9.5 | — | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | |
| CVE-2020-11523 | critical | — | 9.5 | — | libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. | |
| CVE-2020-15979 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2020-26963 | critical | — | 9.5 | — | Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox … | |
| CVE-2020-23256 | critical | — | 9.5 | 3y ago | electerm allows unauthorized users to execute arbitrary commands | |
| CVE-2020-26269 | critical | — | 9.5 | 4y ago | In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the direc… | |
| CVE-2020-13672 | critical | — | 9.5 | 5y ago | Drupal core Cross-site Scripting (XSS) vulnerability | |
| CVE-2020-26271 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge … | |
| CVE-2020-26270 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a q… | |
| CVE-2020-26268 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor i… | |
| CVE-2020-26267 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation o… | |
| CVE-2020-26266 | critical | — | 9.5 | 6y ago | In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default … | |
| CVE-2020-15254 | critical | — | 9.5 | 6y ago | Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as th… | |
| CVE-2020-36318 | low | — | 2.5 | — | In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or doub… | |
| CVE-2020-3898 | low | — | 2.5 | — | Low: cups security and bug fix update | |
| CVE-2020-9359 | low | — | 2.5 | — | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | |
| CVE-2020-18774 | low | — | 2.5 | — | A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | |
| CVE-2020-18773 | low | — | 2.5 | — | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | |
| CVE-2020-18974 | low | — | 2.5 | — | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | |
| CVE-2020-24825 | low | — | 2.5 | — | A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |