CVEs from 2020
Total
4,156
critical
critical 193
high
high 470
medium
medium 674
low
low 57
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-8177 | high | — | 8.0 | — | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |
| CVE-2020-35679 | high | — | 8.0 | — | smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. | |
| CVE-2020-12410 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2020-0543 | high | — | 8.0 | — | Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-12351 | high | — | 8.0 | — | Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |
| CVE-2020-12352 | high | — | 8.0 | — | Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | |
| CVE-2020-1712 | high | — | 8.0 | — | privilege escalation in systemd | |
| CVE-2020-10745 | high | — | 8.0 | — | A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server… | |
| CVE-2020-26973 | high | — | 8.0 | — | Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird … | |
| CVE-2020-26974 | high | — | 8.0 | — | When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a poten… | |
| CVE-2020-8835 | high | — | 8.0 | — | In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel … | |
| CVE-2020-9383 | high | — | 8.0 | — | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before a… | |
| CVE-2020-12405 | high | — | 8.0 | — | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and… | |
| CVE-2020-15953 | high | — | 8.0 | — | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… | |
| CVE-2020-24511 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-24512 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-12663 | high | — | 8.0 | — | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | |
| CVE-2020-15962 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6451 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6454 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6466 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6576 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28021 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code executi… | |
| CVE-2020-12406 | high | — | 8.0 | — | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary cod… | |
| CVE-2020-16034 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-27780 | high | — | 8.0 | — | A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of … | |
| CVE-2020-15656 | high | — | 8.0 | — | JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only … | |
| CVE-2020-35113 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2020-15678 | high | — | 8.0 | — | When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClipped… | |
| CVE-2020-1971 | high | — | 8.0 | — | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares d… | |
| CVE-2020-15654 | high | — | 8.0 | — | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived brok… | |
| CVE-2020-6507 | high | — | 8.0 | — | Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6423 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6456 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6439 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6442 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6438 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6436 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6425 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6435 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6433 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6432 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6431 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6430 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6452 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6428 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6407 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6450 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6429 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6422 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6449 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6427 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6424 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15965 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-0548 | high | — | 8.0 | — | Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-8625 | high | — | 8.0 | — | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not … | |
| CVE-2020-26972 | high | — | 8.0 | — | The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check w… | |
| CVE-2020-6420 | high | — | 8.0 | — | access restriction bypass in chromium | |
| CVE-2020-35114 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-28026 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline … | |
| CVE-2020-23171 | high | — | 8.0 | — | multiple issues in nim | |
| CVE-2020-28011 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. | |
| CVE-2020-35733 | high | — | 8.0 | — | certificate verification bypass in erlang | |
| CVE-2020-35702 | high | — | 8.0 | — | DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones … | |
| CVE-2020-15960 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6575 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6482 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6477 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-8616 | high | — | 8.0 | — | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … | |
| CVE-2020-25682 | high | — | 8.0 | — | A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the n… | |
| CVE-2020-12662 | high | — | 8.0 | — | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | |
| CVE-2020-15811 | high | — | 8.0 | — | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… | |
| CVE-2020-15673 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2020-6463 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-15674 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-13777 | high | — | 8.0 | — | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version i… | |
| CVE-2020-5208 | high | — | 8.0 | — | It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote co… | |
| CVE-2020-25681 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge… | |
| CVE-2020-14303 | high | — | 8.0 | — | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | |
| CVE-2020-13112 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | |
| CVE-2020-12409 | high | — | 8.0 | — | When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | |
| CVE-2020-0556 | high | — | 8.0 | — | Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access | |
| CVE-2020-10957 | high | — | 8.0 | — | In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. | |
| CVE-2020-15653 | high | — | 8.0 | — | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed po… | |
| CVE-2020-5260 | high | — | 8.0 | — | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store … | |
| CVE-2020-0093 | high | — | 8.0 | — | In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privile… | |
| CVE-2020-25686 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of … | |
| CVE-2020-4031 | high | — | 8.0 | — | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | |
| CVE-2020-15685 | high | — | 8.0 | — | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | |
| CVE-2020-28019 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a clien… | |
| CVE-2020-12408 | high | — | 8.0 | — | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | |
| CVE-2020-1723 | high | — | 8.0 | — | multiple issues in keycloak | |
| CVE-2020-15889 | high | — | 8.0 | — | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. | |
| CVE-2020-16021 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16020 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16018 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16012 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16016 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-15966 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15963 | high | — | 8.0 | — | multiple issues in chromium |