CVEs from 2020
Total
4,634
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.2%
% with KEV
3.2%
% with exploit
3.2%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-28624 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-18971 | medium | — | 5.5 | — | Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. | |
| CVE-2020-28630 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-28086 | medium | — | 5.5 | — | pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the… | |
| CVE-2020-28629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-20453 | medium | — | 5.5 | — | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service | |
| CVE-2020-28628 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-26797 | medium | — | 5.5 | — | Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. | |
| CVE-2020-35629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-24027 | medium | — | 5.5 | — | multiple issues in live-media | |
| CVE-2020-28631 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-12403 | medium | — | 5.5 | — | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly di… | |
| CVE-2020-35632 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-35964 | medium | — | 5.5 | — | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | |
| CVE-2020-7957 | medium | — | 5.5 | — | The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a den… | |
| CVE-2020-21604 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file. | |
| CVE-2020-35636 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially cra… | |
| CVE-2020-35480 | medium | — | 5.5 | — | An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the vi… | |
| CVE-2020-28941 | medium | — | 5.5 | — | An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack… | |
| CVE-2020-23922 | medium | — | 5.5 | — | An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. | |
| CVE-2020-18972 | medium | — | 5.5 | — | Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | |
| CVE-2020-23932 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. | |
| CVE-2020-28611 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-35453 | medium | — | 5.5 | — | privilege escalation in vault | |
| CVE-2020-12460 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a spe… | |
| CVE-2020-28594 | medium | — | 5.5 | — | A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead … | |
| CVE-2020-12108 | medium | — | 5.5 | — | Moderate: mailman:2.1 security update | |
| CVE-2020-36229 | medium | — | 5.5 | — | A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | |
| CVE-2020-13357 | medium | — | 5.5 | — | multiple issues in gitlab | |
| CVE-2020-28612 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-28610 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-26664 | medium | — | 5.5 | — | arbitrary code execution in vlc | |
| CVE-2020-35631 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-26419 | medium | — | 5.5 | — | Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. | |
| CVE-2020-26408 | medium | — | 5.5 | — | multiple issues in gitlab | |
| CVE-2020-36149 | medium | — | 5.5 | — | Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protec… | |
| CVE-2020-12399 | medium | — | 5.5 | — | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firef… | |
| CVE-2020-35479 | medium | — | 5.5 | — | MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is alway… | |
| CVE-2020-13938 | medium | — | 5.5 | — | denial of service in apache | |
| CVE-2020-11653 | medium | — | 5.5 | — | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There … | |
| CVE-2020-36151 | medium | — | 5.5 | — | Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block. | |
| CVE-2020-35979 | medium | — | 5.5 | — | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c. | |
| CVE-2020-22021 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. | |
| CVE-2020-35605 | medium | — | 5.5 | — | The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error messa… | |
| CVE-2020-12244 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allow… | |
| CVE-2020-37174 | medium | 5.5 | 5.5 | 15d ago | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design … | |
| CVE-2020-37169 | medium | 5.5 | 5.5 | 15d ago | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u… | |
| CVE-2020-36855 | medium | 5.5 | 5.5 | 7mo ago | A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stac… | |
| CVE-2020-16156 | medium | — | 5.5 | 1y ago | Moderate: perl-CPAN security update | |
| CVE-2020-13790 | medium | — | 5.5 | 1y ago | Moderate: libjpeg-turbo security update | |
| CVE-2020-27792 | medium | — | 5.5 | 1y ago | Moderate: ghostscript security update | |
| CVE-2020-27827 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |
| CVE-2020-10135 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |
| CVE-2020-36777 | medium | — | 5.5 | 2y ago | Moderate: kernel-rt security and bug fix update | |
| CVE-2020-36024 | medium | — | 5.5 | 2y ago | Moderate: poppler security update | |
| CVE-2020-18651 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |
| CVE-2020-15778 | medium | — | 5.5 | 2y ago | Moderate: openssh security update | |
| CVE-2020-25656 | medium | — | 5.5 | 2y ago | Moderate: kernel-rt security and bug fix update | |
| CVE-2020-18652 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |
| CVE-2020-18770 | medium | — | 5.5 | 2y ago | Moderate: zziplib security update | |
| CVE-2020-14370 | medium | — | 5.5 | 2y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-28991 | medium | — | 5.5 | 2y ago | Improper Access Control in Gitea | |
| CVE-2020-28241 | medium | — | 5.5 | 2y ago | Moderate: libmaxminddb security update | |
| CVE-2020-35177 | medium | — | 5.5 | 2y ago | Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault | |
| CVE-2020-28053 | medium | — | 5.5 | 2y ago | Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul | |
| CVE-2020-25201 | medium | — | 5.5 | 2y ago | Denial of service in HashiCorp Consul in github.com/hashicorp/consul | |
| CVE-2020-22217 | medium | — | 5.5 | 3y ago | Moderate: c-ares security update | |
| CVE-2020-12762 | medium | — | 5.5 | 3y ago | Moderate: libfastjson security update | |
| CVE-2020-24736 | medium | — | 5.5 | 3y ago | Moderate: sqlite security update | |
| CVE-2020-36518 | medium | — | 5.5 | 3y ago | Deeply nested json in jackson-databind | |
| CVE-2020-17049 | medium | — | 5.5 | 3y ago | Moderate: krb5 security, bug fix, and enhancement update | |
| CVE-2020-36516 | medium | — | 5.5 | 4y ago | Moderate: kernel-rt security and bug fix update | |
| CVE-2020-28852 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |
| CVE-2020-28851 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |
| CVE-2020-36558 | medium | — | 5.5 | 4y ago | Moderate: kernel-rt security and bug fix update | |
| CVE-2020-0256 | medium | — | 5.5 | 4y ago | Moderate: gdisk security update | |
| CVE-2020-10735 | medium | — | 5.5 | 4y ago | Moderate: python3.9 security update | |
| CVE-2020-35527 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |
| CVE-2020-35525 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |
| CVE-2020-28469 | medium | — | 5.5 | 4y ago | Moderate: nodejs and nodejs-nodemon security and bug fix update | |
| CVE-2020-7788 | medium | — | 5.5 | 4y ago | Moderate: nodejs:10 security update | |
| CVE-2020-35509 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Improper Certificate Validation | |
| CVE-2020-29652 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-1695 | medium | — | 5.5 | 4y ago | Improper Input Validation in RESTEasy | |
| CVE-2020-25864 | medium | — | 5.5 | 4y ago | HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul | |
| CVE-2020-10770 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Server-Side Request Forgery | |
| CVE-2020-24303 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-11110 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-10749 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-13430 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-12458 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-12459 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-12245 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-1726 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-35492 | medium | — | 5.5 | 4y ago | Moderate: cairo and pixman security and bug fix update | |
| CVE-2020-35452 | medium | — | 5.5 | 4y ago | Moderate: httpd:2.4 security and bug fix update | |
| CVE-2020-19131 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |
| CVE-2020-18898 | medium | — | 5.5 | 4y ago | Moderate: compat-exiv2-026 security update | |
| CVE-2020-27826 | medium | — | 5.5 | 4y ago | Authentication Bypass in keycloak | |
| CVE-2020-29509 | medium | — | 5.5 | 4y ago | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that … |