CVEs from 2020
Total
4,634
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.2%
% with KEV
3.2%
% with exploit
3.2%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-11112 | high | 8.8 | 8.8 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |
| CVE-2020-37221 | high | 8.4 | 8.4 | 15d ago | Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc… | |
| CVE-2020-37244 | high | 8.2 | 8.2 | 12d ago | Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' p… | |
| CVE-2020-37243 | high | 8.2 | 8.2 | 12d ago | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl acti… | |
| CVE-2020-37242 | high | 8.2 | 8.2 | 12d ago | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parame… | |
| CVE-2020-37218 | high | 8.2 | 8.2 | 15d ago | Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | |
| CVE-2020-37004 | high | 8.2 | 8.2 | 4mo ago | The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attac… | |
| CVE-2020-36183 | high | 8.1 | 8.1 | 6y ago | Unsafe Deserialization in jackson-databind | |
| CVE-2020-35728 | high | 8.1 | 8.1 | 6y ago | Serialization gadget exploit in jackson-databind | |
| CVE-2020-14060 | high | 8.1 | 8.1 | 6y ago | Deserialization of untrusted data in Jackson Databind | |
| CVE-2020-14062 | high | 8.1 | 8.1 | 6y ago | Deserialization of untrusted data in Jackson Databind | |
| CVE-2020-11619 | high | 8.1 | 8.1 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |
| CVE-2020-16030 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16025 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16024 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6456 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6439 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6442 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6438 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6436 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6425 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6435 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6433 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6432 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6431 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6430 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6452 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6428 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6407 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6450 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6429 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6422 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6449 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6427 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6424 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-25685 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only u… | |
| CVE-2020-6423 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15238 | high | — | 8.0 | — | Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe… | |
| CVE-2020-16042 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16027 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16038 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16036 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16031 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16014 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16037 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16019 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-27187 | high | — | 8.0 | — | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … | |
| CVE-2020-24489 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-24513 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-28011 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. | |
| CVE-2020-28010 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). | |
| CVE-2020-35733 | high | — | 8.0 | — | certificate verification bypass in erlang | |
| CVE-2020-11008 | high | — | 8.0 | — | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q… | |
| CVE-2020-6434 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28023 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. | |
| CVE-2020-16022 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-13114 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | |
| CVE-2020-12767 | high | — | 8.0 | — | exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | |
| CVE-2020-15655 | high | — | 8.0 | — | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affe… | |
| CVE-2020-28024 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can … | |
| CVE-2020-16023 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16034 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15675 | high | — | 8.0 | — | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | |
| CVE-2020-24654 | high | — | 8.0 | — | arbitrary filesystem access in ark | |
| CVE-2020-36328 | high | — | 8.0 | — | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vuln… | |
| CVE-2020-8169 | high | — | 8.0 | — | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |
| CVE-2020-10188 | high | — | 8.0 | — | utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem … | |
| CVE-2020-13871 | high | — | 8.0 | — | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | |
| CVE-2020-25681 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge… | |
| CVE-2020-35111 | high | — | 8.0 | — | When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us… | |
| CVE-2020-28020 | high | — | 8.0 | — | Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header… | |
| CVE-2020-14387 | high | — | 8.0 | — | A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing… | |
| CVE-2020-25683 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who… | |
| CVE-2020-25829 | high | — | 8.0 | — | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… | |
| CVE-2020-1712 | high | — | 8.0 | — | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse… | |
| CVE-2020-25686 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of … | |
| CVE-2020-15652 | high | — | 8.0 | — | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulne… | |
| CVE-2020-6474 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12409 | high | — | 8.0 | — | When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | |
| CVE-2020-8696 | high | — | 8.0 | — | Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-25687 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a rem… | |
| CVE-2020-0549 | high | — | 8.0 | — | Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-28025 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might le… | |
| CVE-2020-12406 | high | — | 8.0 | — | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary cod… | |
| CVE-2020-26262 | high | — | 8.0 | — | Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.… | |
| CVE-2020-28021 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code executi… | |
| CVE-2020-28022 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. | |
| CVE-2020-15685 | high | — | 8.0 | — | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | |
| CVE-2020-28012 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. | |
| CVE-2020-12408 | high | — | 8.0 | — | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | |
| CVE-2020-6472 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6576 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-35701 | high | — | 8.0 | — | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id paramete… | |
| CVE-2020-35113 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2020-15889 | high | — | 8.0 | — | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. | |
| CVE-2020-6455 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6458 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15965 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-3123 | high | — | 8.0 | — | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … | |
| CVE-2020-28009 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation … |