CVEs from 2020
Total
4,010
critical
critical 194
high
high 479
medium
medium 679
low
low 57
% Critical
4.8%
% with KEV
3.6%
% with exploit
4.0%
Top vendors
- oracle 339
- schneider-electric 136
- netapp 12
- fasterxml 8
- denx 2
- nsasoft 1
- rubyonrails 1
- google 1
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15011 | medium | — | 5.5 | — | Moderate: mailman:2.1 security update | |||
| CVE-2020-15358 | medium | — | 5.5 | — | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | |||
| CVE-2020-26420 | medium | — | 5.5 | — | Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-26560 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-28928 | medium | — | 5.5 | — | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | |||
| CVE-2020-35636 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially cra… | |||
| CVE-2020-7957 | medium | — | 5.5 | — | The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a den… | |||
| CVE-2020-8231 | medium | — | 5.5 | — | Moderate: curl security and bug fix update | |||
| CVE-2020-35632 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28605 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-12399 | medium | — | 5.5 | — | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firef… | |||
| CVE-2020-36230 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | |||
| CVE-2020-28601 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of… | |||
| CVE-2020-8285 | medium | — | 5.5 | — | Moderate: curl security and bug fix update | |||
| CVE-2020-25693 | medium | — | 5.5 | — | A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can l… | |||
| CVE-2020-18771 | medium | — | 5.5 | — | Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. | |||
| CVE-2020-27841 | medium | — | 5.5 | — | There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bo… | |||
| CVE-2020-35630 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-24977 | medium | — | 5.5 | — | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | |||
| CVE-2020-25669 | medium | — | 5.5 | — | A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkb… | |||
| CVE-2020-20445 | medium | — | 5.5 | — | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. | |||
| CVE-2020-10932 | medium | — | 5.5 | — | An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) rec… | |||
| CVE-2020-26558 | medium | — | 5.5 | — | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authe… | |||
| CVE-2020-27170 | medium | — | 5.5 | — | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spec… | |||
| CVE-2020-35738 | medium | — | 5.5 | — | WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" re… | |||
| CVE-2020-12402 | medium | — | 5.5 | — | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perfo… | |||
| CVE-2020-36229 | medium | — | 5.5 | — | A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | |||
| CVE-2020-27844 | medium | — | 5.5 | — | A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bou… | |||
| CVE-2020-26117 | medium | — | 5.5 | — | In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a cert… | |||
| CVE-2020-23109 | medium | — | 5.5 | — | Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a craf… | |||
| CVE-2020-16154 | medium | — | 5.5 | — | The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. | |||
| CVE-2020-28616 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-24491 | medium | — | 5.5 | — | information disclosure in intel-ucode | |||
| CVE-2020-27840 | medium | — | 5.5 | — | A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds me… | |||
| CVE-2020-22021 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. | |||
| CVE-2020-25722 | medium | — | 5.5 | — | Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | |||
| CVE-2020-25718 | medium | — | 5.5 | — | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | |||
| CVE-2020-24027 | medium | — | 5.5 | — | multiple issues in live-media | |||
| CVE-2020-23932 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2020-8619 | medium | — | 5.5 | — | In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative s… | |||
| CVE-2020-12460 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a spe… | |||
| CVE-2020-29385 | medium | — | 5.5 | — | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign t… | |||
| CVE-2020-36151 | medium | — | 5.5 | — | Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block. | |||
| CVE-2020-36225 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||
| CVE-2020-22033 | medium | — | 5.5 | — | A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. | |||
| CVE-2020-13938 | medium | — | 5.5 | — | denial of service in apache | |||
| CVE-2020-26415 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-26416 | medium | — | 5.5 | — | information disclosure in gitlab | |||
| CVE-2020-37174 | medium | 5.5 | 5.5 | 16d ago | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design … | |||
| CVE-2020-37169 | medium | 5.5 | 5.5 | 16d ago | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u… | |||
| CVE-2020-36855 | medium | 5.5 | 5.5 | 7mo ago | A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stac… | |||
| CVE-2020-16156 | medium | — | 5.5 | 1y ago | Moderate: perl-CPAN security update | |||
| CVE-2020-13790 | medium | — | 5.5 | 1y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2020-27792 | medium | — | 5.5 | 1y ago | A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF fil… | |||
| CVE-2020-27827 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2020-10135 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |||
| CVE-2020-36777 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`… | |||
| CVE-2020-18651 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |||
| CVE-2020-18652 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |||
| CVE-2020-36024 | medium | — | 5.5 | 2y ago | Moderate: poppler security update | |||
| CVE-2020-25656 | medium | — | 5.5 | 2y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2020-15778 | medium | — | 5.5 | 2y ago | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that t… | |||
| CVE-2020-18770 | medium | — | 5.5 | 2y ago | Moderate: zziplib security update | |||
| CVE-2020-14370 | medium | — | 5.5 | 2y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-28991 | medium | — | 5.5 | 2y ago | Improper Access Control in Gitea | |||
| CVE-2020-28241 | medium | — | 5.5 | 2y ago | Moderate: libmaxminddb security update | |||
| CVE-2020-35177 | medium | — | 5.5 | 2y ago | Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2020-28053 | medium | — | 5.5 | 2y ago | Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-25201 | medium | — | 5.5 | 2y ago | Denial of service in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-22217 | medium | — | 5.5 | 3y ago | Moderate: c-ares security update | |||
| CVE-2020-12762 | medium | — | 5.5 | 3y ago | Moderate: libfastjson security update | |||
| CVE-2020-24736 | medium | — | 5.5 | 3y ago | Moderate: sqlite security update | |||
| CVE-2020-36518 | medium | — | 5.5 | 3y ago | Moderate: pki-core:10.6 and pki-deps:10.6 security update | |||
| CVE-2020-17049 | medium | — | 5.5 | 3y ago | Moderate: krb5 security, bug fix, and enhancement update | |||
| CVE-2020-36516 | medium | — | 5.5 | 4y ago | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP… | |||
| CVE-2020-28851 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |||
| CVE-2020-28852 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |||
| CVE-2020-0256 | medium | — | 5.5 | 4y ago | Moderate: gdisk security update | |||
| CVE-2020-36558 | medium | — | 5.5 | 4y ago | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | |||
| CVE-2020-10735 | medium | — | 5.5 | 4y ago | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for… | |||
| CVE-2020-35525 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |||
| CVE-2020-35527 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |||
| CVE-2020-7788 | medium | — | 5.5 | 4y ago | Moderate: nodejs:14 security, bug fix, and enhancement update | |||
| CVE-2020-28469 | medium | — | 5.5 | 4y ago | Moderate: nodejs:14 security, bug fix, and enhancement update | |||
| CVE-2020-35509 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Improper Certificate Validation | |||
| CVE-2020-29652 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-1695 | medium | — | 5.5 | 4y ago | Improper Input Validation in RESTEasy | |||
| CVE-2020-25864 | medium | — | 5.5 | 4y ago | HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul | |||
| CVE-2020-10770 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Server-Side Request Forgery | |||
| CVE-2020-24303 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-11110 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-10749 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-13430 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-12458 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-12459 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-12245 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-1726 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-35492 | medium | — | 5.5 | 4y ago | Moderate: cairo and pixman security and bug fix update | |||
| CVE-2020-35452 | medium | — | 5.5 | 4y ago | Moderate: httpd:2.4 security and bug fix update | |||
| CVE-2020-19131 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update |