CVEs from 2020

Total: 4,634
- critical: 193
- high: 470
- medium: 675
- low: 56

% Critical: 4.2%
% with KEV: 3.2%
% with exploit: 3.2%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-24825 | low | — | 2.5 | — | A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-29562 | low | — | 2.5 | — | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, … | |
| CVE-2020-9359 | low | — | 2.5 | — | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | |
| CVE-2020-13950 | low | — | 2.5 | — | Low: httpd:2.4 security update | |
| CVE-2020-12049 | low | — | 2.5 | — | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A loca… | |
| CVE-2020-18974 | low | — | 2.5 | — | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | |
| CVE-2020-18774 | low | — | 2.5 | — | A floating point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | |
| CVE-2020-27837 | low | — | 2.5 | — | A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessin… | |
| CVE-2020-20448 | low | — | 2.5 | — | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | |
| CVE-2020-12755 | low | — | 2.5 | — | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended… | |
| CVE-2020-24827 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-27675 | low | — | 2.5 | — | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condit… | |
| CVE-2020-27673 | low | — | 2.5 | — | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e995… | |
| CVE-2020-25691 | low | — | 2.5 | — | denial of service in darkhttpd | |
| CVE-2020-24823 | low | — | 2.5 | — | A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-22026 | low | — | 2.5 | — | Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. | |
| CVE-2020-25219 | low | — | 2.5 | — | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. T… | |
| CVE-2020-18773 | low | — | 2.5 | — | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | |
| CVE-2020-3898 | low | — | 2.5 | — | Low: cups security and bug fix update | |
| CVE-2020-35501 | low | — | 2.5 | — | A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem. | |
| CVE-2020-22024 | low | — | 2.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. | |
| CVE-2020-16121 | low | — | 2.5 | — | PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | |
| CVE-2020-14196 | low | — | 2.5 | — | In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. | |
| CVE-2020-24821 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-35450 | low | — | 2.5 | — | Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | |
| CVE-2020-24826 | low | — | 2.5 | — | A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-25639 | low | — | 2.5 | — | A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This fl… | |
| CVE-2020-35112 | low | — | 2.5 | — | If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an … | |
| CVE-2020-22028 | low | — | 2.5 | — | Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. | |
| CVE-2020-15466 | low | — | 2.5 | — | In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. | |
| CVE-2020-21710 | low | — | 2.5 | 2y ago | Low: ghostscript security update | |
| CVE-2020-23903 | low | — | 2.5 | 4y ago | Low: speex security update | |
| CVE-2020-22083 | low | — | 2.5 | 4y ago | ** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and cl… | |
| CVE-2020-17489 | low | — | 2.5 | 4y ago | Low: gnome-shell security and bug fix update | |
| CVE-2020-8562 | low | — | 2.5 | 4y ago | As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Servi… | |
| CVE-2020-24370 | low | — | 2.5 | 5y ago | Low: lua security update | |
| CVE-2020-16135 | low | — | 2.5 | 5y ago | Low: libssh security update | |
| CVE-2020-14155 | low | — | 2.5 | 5y ago | Low: pcre security update | |
| CVE-2020-18442 | low | — | 2.5 | 5y ago | Low: zziplib security update | |
| CVE-2020-8037 | low | — | 2.5 | 5y ago | Low: tcpdump security and bug fix update | |
| CVE-2020-36314 | low | — | 2.5 | 5y ago | Low: file-roller security update | |
| CVE-2020-16117 | low | — | 2.5 | 5y ago | Low: evolution security, bug fix, and enhancement update | |
| CVE-2020-29651 | low | — | 2.5 | 5y ago | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying … | |
| CVE-2020-14928 | low | — | 2.5 | 6y ago | Low: evolution security and bug fix update | |
| CVE-2020-12803 | low | — | 2.5 | 6y ago | Low: libreoffice security, bug fix, and enhancement update | |
| CVE-2020-12802 | low | — | 2.5 | 6y ago | Low: libreoffice security, bug fix, and enhancement update | |
| CVE-2020-10759 | low | — | 2.5 | 6y ago | A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practi… | |
| CVE-2020-7656 | low | — | 2.5 | 6y ago | Low: pcs security, bug fix, and enhancement update | |
| CVE-2020-11054 | low | — | 2.5 | 6y ago | In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (col… | |
| CVE-2020-13965 | unknown | — | 1.5 | 2y ago | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview. | |
| CVE-2020-12641 | unknown | — | 1.5 | 3y ago | rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | |
| CVE-2020-17519 | unknown | — | 1.5 | 6y ago | Path Traversal in Apache Flink | |
| CVE-2020-5410 | unknown | — | 1.5 | 6y ago | Directory traversal attack in Spring Cloud Config | |
| CVE-2020-12625 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | |
| CVE-2020-22402 | unknown | — | — | — | Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code. | |
| CVE-2020-15562 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in th… | |
| CVE-2020-13964 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | |
| CVE-2020-16093 | unknown | — | — | — | In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::L… | |
| CVE-2020-18671 | unknown | — | — | — | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | |
| CVE-2020-12626 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. | |
| CVE-2020-12640 | unknown | — | — | — | Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | |
| CVE-2020-16145 | unknown | — | — | — | Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. | |
| CVE-2020-18670 | unknown | — | — | — | Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php. | |
| CVE-2020-21485 | unknown | — | — | 3y ago | Alluxio Cross Site Scripting vulnerability | |
| CVE-2020-22755 | unknown | — | — | 3y ago | MCMS vulnerable to arbitrary code execution via crafted thumbnail | |
| CVE-2020-7677 | unknown | — | — | 4y ago | thenify before 3.3.1 made use of unsafe calls to `eval`. | |
| CVE-2020-28191 | unknown | — | — | 4y ago | Togglz console missing cross-site request forgery (CSRF) protection | |
| CVE-2020-16971 | unknown | — | — | 4y ago | Azure SDK for Java Security Feature Bypass Vulnerability | |
| CVE-2020-2318 | unknown | — | — | 4y ago | Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin | |
| CVE-2020-2311 | unknown | — | — | 4y ago | Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration | |
| CVE-2020-2310 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs | |
| CVE-2020-2303 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Active Directory Plugin | |
| CVE-2020-2294 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Maven Cascade Release Plugin | |
| CVE-2020-2296 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Shared Objects Plugin | |
| CVE-2020-2293 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins Persona Plugin | |
| CVE-2020-2288 | unknown | — | — | 4y ago | Incorrect default pattern in Jenkins Audit Trail Plugin | |
| CVE-2020-2285 | unknown | — | — | 4y ago | Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs | |
| CVE-2020-2282 | unknown | — | — | 4y ago | Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin | |
| CVE-2020-2276 | unknown | — | — | 4y ago | System command execution vulnerability in Selection tasks Jenkins Plugin | |
| CVE-2020-2277 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins Storable Configs Plugin | |
| CVE-2020-2273 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins ElasTest Plugin | |
| CVE-2020-2275 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin | |
| CVE-2020-2260 | unknown | — | — | 4y ago | Missing permission check in Perfecto Plugin | |
| CVE-2020-2270 | unknown | — | — | 4y ago | Stored XSS vulnerability in ClearCase Release Plugin | |
| CVE-2020-2263 | unknown | — | — | 4y ago | Stored XSS vulnerability in Radiator View Plugin | |
| CVE-2020-2262 | unknown | — | — | 4y ago | Stored XSS vulnerability in android-lint Plugin | |
| CVE-2020-2252 | unknown | — | — | 4y ago | Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin | |
| CVE-2020-2253 | unknown | — | — | 4y ago | Missing hostname validation in Email Extension Plugin | |
| CVE-2020-2248 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins JSGames Plugin | |
| CVE-2020-2233 | unknown | — | — | 4y ago | Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs | |
| CVE-2020-2232 | unknown | — | — | 4y ago | Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text | |
| CVE-2020-2236 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin | |
| CVE-2020-15841 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection | |
| CVE-2020-2222 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins 'keep forever' badge icon | |
| CVE-2020-2214 | unknown | — | — | 4y ago | Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin | |
| CVE-2020-2215 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin | |
| CVE-2020-2216 | unknown | — | — | 4y ago | Missing permission checks in Zephyr for JIRA Test Management Plugin | |
| CVE-2020-2208 | unknown | — | — | 4y ago | Secret stored in plain text by Jenkins Slack Upload Plugin | |
| CVE-2020-2207 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins VncViewer Plugin | |
| CVE-2020-2210 | unknown | — | — | 4y ago | Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin | |