CVEs from 2020
Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-11112 | high | 8.8 | 8.8 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |
| CVE-2020-37221 | high | 8.4 | 8.4 | 15d ago | Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc… | |
| CVE-2020-37244 | high | 8.2 | 8.2 | 12d ago | Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' p… | |
| CVE-2020-37243 | high | 8.2 | 8.2 | 12d ago | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl acti… | |
| CVE-2020-37242 | high | 8.2 | 8.2 | 12d ago | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parame… | |
| CVE-2020-37218 | high | 8.2 | 8.2 | 15d ago | Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | |
| CVE-2020-37004 | high | 8.2 | 8.2 | 4mo ago | The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attac… | |
| CVE-2020-36183 | high | 8.1 | 8.1 | 6y ago | Unsafe Deserialization in jackson-databind | |
| CVE-2020-35728 | high | 8.1 | 8.1 | 6y ago | Serialization gadget exploit in jackson-databind | |
| CVE-2020-14060 | high | 8.1 | 8.1 | 6y ago | Deserialization of untrusted data in Jackson Databind | |
| CVE-2020-14062 | high | 8.1 | 8.1 | 6y ago | Deserialization of untrusted data in Jackson Databind | |
| CVE-2020-11619 | high | 8.1 | 8.1 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |
| CVE-2020-6436 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6456 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15889 | high | — | 8.0 | — | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. | |
| CVE-2020-6464 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6461 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6831 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6407 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28011 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. | |
| CVE-2020-6476 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-0556 | high | — | 8.0 | — | Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access | |
| CVE-2020-14303 | high | — | 8.0 | — | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | |
| CVE-2020-6471 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6475 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28017 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… | |
| CVE-2020-6470 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15677 | high | — | 8.0 | — | By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open red… | |
| CVE-2020-36329 | high | — | 8.0 | — | A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and inte… | |
| CVE-2020-28008 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… | |
| CVE-2020-6459 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6446 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6439 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6442 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6425 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6435 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6485 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6484 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6486 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6487 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6460 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6489 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6509 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-0549 | high | — | 8.0 | — | Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-6496 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6468 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12411 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-12409 | high | — | 8.0 | — | When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | |
| CVE-2020-15685 | high | — | 8.0 | — | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | |
| CVE-2020-6490 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15961 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15964 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15963 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15966 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6429 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16012 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-25686 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of … | |
| CVE-2020-15953 | high | — | 8.0 | — | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… | |
| CVE-2020-16021 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16024 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16025 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15673 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2020-16037 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16014 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12406 | high | — | 8.0 | — | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary cod… | |
| CVE-2020-16038 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16027 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-10188 | high | — | 8.0 | — | utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem … | |
| CVE-2020-5260 | high | — | 8.0 | — | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store … | |
| CVE-2020-6433 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16035 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16028 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-5208 | high | — | 8.0 | — | It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote co… | |
| CVE-2020-8169 | high | — | 8.0 | — | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |
| CVE-2020-15995 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6424 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-8625 | high | — | 8.0 | — | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not … | |
| CVE-2020-6575 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15960 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-35702 | high | — | 8.0 | — | DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones … | |
| CVE-2020-6463 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-15674 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-6427 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16150 | high | — | 8.0 | — | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … | |
| CVE-2020-28014 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. | |
| CVE-2020-8696 | high | — | 8.0 | — | Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-13777 | high | — | 8.0 | — | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version i… | |
| CVE-2020-36328 | high | — | 8.0 | — | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vuln… | |
| CVE-2020-8617 | high | — | 8.0 | — | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the se… | |
| CVE-2020-16029 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6482 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6477 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28018 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. | |
| CVE-2020-28009 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation … | |
| CVE-2020-16032 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16043 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-26978 | high | — | 8.0 | — | Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerabi… | |
| CVE-2020-16026 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28010 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). | |
| CVE-2020-16042 | high | — | 8.0 | — | multiple issues in chromium |