CVEs from 2020
Total
4,033
critical
critical 194
high
high 475
medium
medium 679
low
low 57
% Critical
4.8%
% with KEV
3.6%
% with exploit
4.0%
Top vendors
- oracle 339
- schneider-electric 75
- netapp 12
- fasterxml 8
- denx 2
- nsasoft 1
- rubyonrails 1
- google 1
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25717 | high | — | 8.0 | 5y ago | Important: samba security update | |||
| CVE-2020-1472 | medium | — | 8.0 | 5y ago | Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An at… | |||
| CVE-2020-36385 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… | |||
| CVE-2020-14765 | high | — | 8.0 | 5y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2020-13675 | high | — | 8.0 | 5y ago | Unrestricted Upload of File with Dangerous Type in Drupal core | |||
| CVE-2020-13673 | high | — | 8.0 | 5y ago | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… | |||
| CVE-2020-13677 | high | — | 8.0 | 5y ago | Drupal core access bypass vulnerability | |||
| CVE-2020-13676 | high | — | 8.0 | 5y ago | Incorrect Authorization in Drupal core | |||
| CVE-2020-13674 | high | — | 8.0 | 5y ago | Cross-Site Request Forgery in Drupal core | |||
| CVE-2020-26265 | high | — | 8.0 | 5y ago | Consensus flaw in github.com/ethereum/go-ethereum | |||
| CVE-2020-26541 | high | — | 8.0 | 5y ago | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | |||
| CVE-2020-15257 | high | — | 8.0 | 5y ago | containerd-shim API Exposed to Host Network Containers in github.com/containerd/containerd | |||
| CVE-2020-10696 | high | — | 8.0 | 5y ago | Important: container-tools:2.0 security update | |||
| CVE-2020-25097 | high | — | 8.0 | 5y ago | Important: squid:4 security update | |||
| CVE-2020-35508 | high | — | 8.0 | 5y ago | A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local… | |||
| CVE-2020-25284 | high | — | 8.0 | 5y ago | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map … | |||
| CVE-2020-25285 | high | — | 8.0 | 5y ago | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly hav… | |||
| CVE-2020-24394 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs be… | |||
| CVE-2020-25212 | high | — | 8.0 | 5y ago | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf… | |||
| CVE-2020-27835 | high | — | 8.0 | 5y ago | A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash… | |||
| CVE-2020-25643 | high | — | 8.0 | 5y ago | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function wh… | |||
| CVE-2020-12362 | high | — | 8.0 | 5y ago | Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a… | |||
| CVE-2020-12364 | high | — | 8.0 | 5y ago | Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a den… | |||
| CVE-2020-12363 | high | — | 8.0 | 5y ago | Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial o… | |||
| CVE-2020-27786 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.… | |||
| CVE-2020-12464 | high | — | 8.0 | 5y ago | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | |||
| CVE-2020-28974 | high | — | 8.0 | 5y ago | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs … | |||
| CVE-2020-12114 | high | — | 8.0 | 5y ago | A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to … | |||
| CVE-2020-25704 | high | — | 8.0 | 5y ago | A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denia… | |||
| CVE-2020-14356 | high | — | 8.0 | 5y ago | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or e… | |||
| CVE-2020-14314 | high | — | 8.0 | 5y ago | A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to… | |||
| CVE-2020-0431 | high | — | 8.0 | 5y ago | In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U… | |||
| CVE-2020-11608 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin… | |||
| CVE-2020-36322 | high | — | 8.0 | 5y ago | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a … | |||
| CVE-2020-15437 | high | — | 8.0 | 5y ago | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service… | |||
| CVE-2020-28052 | high | — | 8.0 | 5y ago | Logic error in Legion of the Bouncy Castle BC Java | |||
| CVE-2020-28468 | high | — | 8.0 | 5y ago | This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code ex… | |||
| CVE-2020-28362 | high | — | 8.0 | 5y ago | Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | |||
| CVE-2020-28374 | high | — | 8.0 | 5y ago | In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via direct… | |||
| CVE-2020-27152 | high | — | 8.0 | 5y ago | An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge trigg… | |||
| CVE-2020-0466 | high | — | 8.0 | 5y ago | In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privilege… | |||
| CVE-2020-35517 | high | — | 8.0 | 5y ago | Important: virt:rhel and virt-devel:rhel security update | |||
| CVE-2020-14351 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly esca… | |||
| CVE-2020-25705 | high | — | 8.0 | 5y ago | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Soft… | |||
| CVE-2020-29661 | high | — | 8.0 | 5y ago | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | |||
| CVE-2020-17525 | high | — | 8.0 | 5y ago | Important: subversion:1.10 security update | |||
| CVE-2020-25694 | high | — | 8.0 | 6y ago | Important: postgresql:12 security update | |||
| CVE-2020-14349 | high | — | 8.0 | 6y ago | Important: postgresql:12 security update | |||
| CVE-2020-1720 | high | — | 8.0 | 6y ago | Important: postgresql:12 security update | |||
| CVE-2020-25695 | high | — | 8.0 | 6y ago | Important: postgresql:12 security update | |||
| CVE-2020-25696 | high | — | 8.0 | 6y ago | Important: postgresql:12 security update | |||
| CVE-2020-14350 | high | — | 8.0 | 6y ago | Important: postgresql:12 security update | |||
| CVE-2020-13249 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2020-15180 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2020-0452 | high | — | 8.0 | 6y ago | Important: libexif security update | |||
| CVE-2020-17521 | high | — | 8.0 | 6y ago | Information Disclosure in Apache Groovy | |||
| CVE-2020-28949 | medium | — | 8.0 | 6y ago | PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and di… | |||
| CVE-2020-26890 | high | — | 8.0 | 6y ago | Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service atta… | |||
| CVE-2020-26891 | high | — | 8.0 | 6y ago | AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Syn… | |||
| CVE-2020-6506 | high | — | 8.0 | 6y ago | Android WebView Universal Cross-site Scripting | |||
| CVE-2020-36327 | high | — | 8.0 | 6y ago | Important: ruby:2.5 security update | |||
| CVE-2020-14364 | high | — | 8.0 | 6y ago | Important: virt:rhel security update | |||
| CVE-2020-2804 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14597 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2588 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2577 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14697 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2589 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14550 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2760 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2020-2814 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2020-2921 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2580 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2925 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2923 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2896 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2895 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2892 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2770 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2924 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2627 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2903 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2579 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14678 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14586 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14680 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14576 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14568 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14567 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14539 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14614 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14575 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14624 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2928 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14799 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2574 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2020-2926 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2584 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2752 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2020-2779 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update |