CVEs from 2020
Total
4,157
critical
critical 193
high
high 471
medium
medium 674
low
low 57
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-11112 | high | 8.8 | 8.8 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |
| CVE-2020-37221 | high | 8.4 | 8.4 | 15d ago | Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc… | |
| CVE-2020-37244 | high | 8.2 | 8.2 | 12d ago | Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' p… | |
| CVE-2020-37243 | high | 8.2 | 8.2 | 12d ago | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl acti… | |
| CVE-2020-37242 | high | 8.2 | 8.2 | 12d ago | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parame… | |
| CVE-2020-37218 | high | 8.2 | 8.2 | 15d ago | Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | |
| CVE-2020-37004 | high | 8.2 | 8.2 | 4mo ago | The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attac… | |
| CVE-2020-36183 | high | 8.1 | 8.1 | 6y ago | Unsafe Deserialization in jackson-databind | |
| CVE-2020-35728 | high | 8.1 | 8.1 | 6y ago | Serialization gadget exploit in jackson-databind | |
| CVE-2020-14060 | high | 8.1 | 8.1 | 6y ago | Deserialization of untrusted data in Jackson Databind | |
| CVE-2020-14062 | high | 8.1 | 8.1 | 6y ago | Deserialization of untrusted data in Jackson Databind | |
| CVE-2020-11619 | high | 8.1 | 8.1 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |
| CVE-2020-6423 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28008 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… | |
| CVE-2020-15961 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6468 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12663 | high | — | 8.0 | — | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | |
| CVE-2020-6496 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6481 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6459 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6445 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-14303 | high | — | 8.0 | — | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | |
| CVE-2020-6493 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6437 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6444 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-4031 | high | — | 8.0 | — | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | |
| CVE-2020-6494 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6484 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6486 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15964 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6491 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6573 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6509 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-16022 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-24654 | high | — | 8.0 | — | arbitrary filesystem access in ark | |
| CVE-2020-6487 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15659 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2020-16012 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16018 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16021 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-13114 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | |
| CVE-2020-6446 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6574 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6490 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-26164 | high | — | 8.0 | — | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a De… | |
| CVE-2020-6489 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6475 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-26971 | high | — | 8.0 | — | Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefo… | |
| CVE-2020-6488 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12767 | high | — | 8.0 | — | exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | |
| CVE-2020-28007 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting crit… | |
| CVE-2020-6480 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6469 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-23171 | high | — | 8.0 | — | multiple issues in nim | |
| CVE-2020-6467 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-13112 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | |
| CVE-2020-26976 | high | — | 8.0 | — | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … | |
| CVE-2020-6463 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6471 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6485 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6460 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-8617 | high | — | 8.0 | — | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the se… | |
| CVE-2020-15677 | high | — | 8.0 | — | By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open red… | |
| CVE-2020-15675 | high | — | 8.0 | — | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | |
| CVE-2020-15674 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-8169 | high | — | 8.0 | — | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |
| CVE-2020-6483 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16150 | high | — | 8.0 | — | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … | |
| CVE-2020-0556 | high | — | 8.0 | — | Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access | |
| CVE-2020-28019 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a clien… | |
| CVE-2020-28026 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline … | |
| CVE-2020-6476 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15166 | high | — | 8.0 | — | In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con… | |
| CVE-2020-8616 | high | — | 8.0 | — | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … | |
| CVE-2020-15654 | high | — | 8.0 | — | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived brok… | |
| CVE-2020-15655 | high | — | 8.0 | — | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affe… | |
| CVE-2020-10760 | high | — | 8.0 | — | A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. | |
| CVE-2020-25682 | high | — | 8.0 | — | A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the n… | |
| CVE-2020-8698 | high | — | 8.0 | — | Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-15965 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-13113 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. | |
| CVE-2020-8695 | high | — | 8.0 | — | Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |
| CVE-2020-6462 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6470 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15888 | high | — | 8.0 | — | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. | |
| CVE-2020-25687 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a rem… | |
| CVE-2020-28015 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. | |
| CVE-2020-16040 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6440 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-13871 | high | — | 8.0 | — | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | |
| CVE-2020-6461 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-16016 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6831 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-16020 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6447 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6465 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28017 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… | |
| CVE-2020-28014 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. | |
| CVE-2020-6448 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15653 | high | — | 8.0 | — | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed po… |