CVEs from 2020
Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-18971 | medium | — | 5.5 | — | Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. | |
| CVE-2020-15660 | medium | — | 5.5 | — | cross-site request forgery in geckodriver | |
| CVE-2020-36151 | medium | — | 5.5 | — | Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block. | |
| CVE-2020-20453 | medium | — | 5.5 | — | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service | |
| CVE-2020-28086 | medium | — | 5.5 | — | pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the… | |
| CVE-2020-23928 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |
| CVE-2020-21595 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file. | |
| CVE-2020-35766 | medium | — | 5.5 | — | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c… | |
| CVE-2020-23932 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. | |
| CVE-2020-35981 | medium | — | 5.5 | — | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c. | |
| CVE-2020-29510 | medium | — | 5.5 | — | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave … | |
| CVE-2020-26413 | medium | — | 5.5 | — | multiple issues in gitlab | |
| CVE-2020-35850 | medium | — | 5.5 | — | multiple issues in cockpit | |
| CVE-2020-36405 | medium | — | 5.5 | — | arbitrary code execution in keystone | |
| CVE-2020-28200 | medium | — | 5.5 | — | The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | |
| CVE-2020-8286 | medium | — | 5.5 | — | Moderate: curl security and bug fix update | |
| CVE-2020-25718 | medium | — | 5.5 | — | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | |
| CVE-2020-22037 | medium | — | 5.5 | — | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. | |
| CVE-2020-36230 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | |
| CVE-2020-12399 | medium | — | 5.5 | — | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firef… | |
| CVE-2020-26422 | medium | — | 5.5 | — | Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file | |
| CVE-2020-29511 | medium | — | 5.5 | — | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that be… | |
| CVE-2020-8618 | medium | — | 5.5 | — | An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clie… | |
| CVE-2020-21601 | medium | — | 5.5 | — | libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file. | |
| CVE-2020-35518 | medium | — | 5.5 | — | information disclosure in 389-ds-base | |
| CVE-2020-28935 | medium | — | 5.5 | — | NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing … | |
| CVE-2020-26977 | medium | — | 5.5 | — | By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects F… | |
| CVE-2020-28610 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-27637 | medium | — | 5.5 | — | The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD… | |
| CVE-2020-26418 | medium | — | 5.5 | — | Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |
| CVE-2020-36152 | medium | — | 5.5 | — | Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. | |
| CVE-2020-26142 | medium | — | 5.5 | — | insufficient validation in linux | |
| CVE-2020-22015 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Deni… | |
| CVE-2020-28407 | medium | — | 5.5 | — | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | |
| CVE-2020-25693 | medium | — | 5.5 | — | A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can l… | |
| CVE-2020-36226 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |
| CVE-2020-21603 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file. | |
| CVE-2020-21599 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. | |
| CVE-2020-35499 | medium | — | 5.5 | — | A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when usin… | |
| CVE-2020-10543 | medium | — | 5.5 | — | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | |
| CVE-2020-0198 | medium | — | 5.5 | — | In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. … | |
| CVE-2020-28600 | medium | — | 5.5 | — | An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can … | |
| CVE-2020-35635 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB r… | |
| CVE-2020-35634 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() s… | |
| CVE-2020-35633 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() s… | |
| CVE-2020-37174 | medium | 5.5 | 5.5 | 15d ago | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design … | |
| CVE-2020-37169 | medium | 5.5 | 5.5 | 15d ago | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u… | |
| CVE-2020-36855 | medium | 5.5 | 5.5 | 7mo ago | A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stac… | |
| CVE-2020-16156 | medium | — | 5.5 | 1y ago | Moderate: perl-CPAN security update | |
| CVE-2020-13790 | medium | — | 5.5 | 1y ago | Moderate: libjpeg-turbo security update | |
| CVE-2020-27792 | medium | — | 5.5 | 1y ago | Moderate: ghostscript security update | |
| CVE-2020-27827 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |
| CVE-2020-10135 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |
| CVE-2020-36777 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`… | |
| CVE-2020-18651 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |
| CVE-2020-36024 | medium | — | 5.5 | 2y ago | Moderate: poppler security update | |
| CVE-2020-18652 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |
| CVE-2020-15778 | medium | — | 5.5 | 2y ago | Moderate: openssh security update | |
| CVE-2020-25656 | medium | — | 5.5 | 2y ago | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access … | |
| CVE-2020-18770 | medium | — | 5.5 | 2y ago | Moderate: zziplib security update | |
| CVE-2020-14370 | medium | — | 5.5 | 2y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-28991 | medium | — | 5.5 | 2y ago | Improper Access Control in Gitea | |
| CVE-2020-28241 | medium | — | 5.5 | 2y ago | Moderate: libmaxminddb security update | |
| CVE-2020-35177 | medium | — | 5.5 | 2y ago | Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault | |
| CVE-2020-28053 | medium | — | 5.5 | 2y ago | Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul | |
| CVE-2020-25201 | medium | — | 5.5 | 2y ago | Denial of service in HashiCorp Consul in github.com/hashicorp/consul | |
| CVE-2020-22217 | medium | — | 5.5 | 3y ago | Moderate: c-ares security update | |
| CVE-2020-12762 | medium | — | 5.5 | 3y ago | Moderate: libfastjson security update | |
| CVE-2020-24736 | medium | — | 5.5 | 3y ago | Moderate: sqlite security update | |
| CVE-2020-36518 | medium | — | 5.5 | 3y ago | Deeply nested json in jackson-databind | |
| CVE-2020-17049 | medium | — | 5.5 | 3y ago | Moderate: krb5 security, bug fix, and enhancement update | |
| CVE-2020-28852 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |
| CVE-2020-28851 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |
| CVE-2020-36516 | medium | — | 5.5 | 4y ago | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP… | |
| CVE-2020-36558 | medium | — | 5.5 | 4y ago | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | |
| CVE-2020-0256 | medium | — | 5.5 | 4y ago | Moderate: gdisk security update | |
| CVE-2020-10735 | medium | — | 5.5 | 4y ago | Moderate: python3.9 security update | |
| CVE-2020-35527 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |
| CVE-2020-35525 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |
| CVE-2020-28469 | medium | — | 5.5 | 4y ago | Moderate: nodejs and nodejs-nodemon security and bug fix update | |
| CVE-2020-7788 | medium | — | 5.5 | 4y ago | Moderate: nodejs:10 security update | |
| CVE-2020-35509 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Improper Certificate Validation | |
| CVE-2020-29652 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-1695 | medium | — | 5.5 | 4y ago | Improper Input Validation in RESTEasy | |
| CVE-2020-25864 | medium | — | 5.5 | 4y ago | HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul | |
| CVE-2020-10770 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Server-Side Request Forgery | |
| CVE-2020-24303 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-11110 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-10749 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-13430 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-12458 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-12459 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-12245 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-1726 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-35492 | medium | — | 5.5 | 4y ago | Moderate: cairo and pixman security and bug fix update | |
| CVE-2020-35452 | medium | — | 5.5 | 4y ago | Moderate: httpd:2.4 security and bug fix update | |
| CVE-2020-19131 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |
| CVE-2020-18898 | medium | — | 5.5 | 4y ago | Moderate: compat-exiv2-026 security update | |
| CVE-2020-27826 | medium | — | 5.5 | 4y ago | Authentication Bypass in keycloak | |
| CVE-2020-29509 | medium | — | 5.5 | 4y ago | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that … |