CVEs from 2020
Total
4,157
critical
critical 193
high
high 471
medium
medium 674
low
low 57
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-13871 | high | — | 8.0 | — | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | |
| CVE-2020-15675 | high | — | 8.0 | — | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | |
| CVE-2020-26970 | high | — | 8.0 | — | When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, … | |
| CVE-2020-25829 | high | — | 8.0 | — | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… | |
| CVE-2020-13398 | high | — | 8.0 | — | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | |
| CVE-2020-8835 | high | — | 8.0 | — | In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel … | |
| CVE-2020-9383 | high | — | 8.0 | — | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before a… | |
| CVE-2020-25684 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… | |
| CVE-2020-25687 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a rem… | |
| CVE-2020-15888 | high | — | 8.0 | — | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. | |
| CVE-2020-24511 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-24512 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-35701 | high | — | 8.0 | — | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id paramete… | |
| CVE-2020-28015 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. | |
| CVE-2020-16041 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6514 | high | — | 8.0 | — | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. | |
| CVE-2020-6426 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6451 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6454 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6466 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6473 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6494 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6505 | high | — | 8.0 | — | Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2020-6495 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28007 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting crit… | |
| CVE-2020-6576 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16034 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16033 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28024 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can … | |
| CVE-2020-6478 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6467 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6479 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-35680 | high | — | 8.0 | — | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of cl… | |
| CVE-2020-10730 | high | — | 8.0 | — | A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped wit… | |
| CVE-2020-23171 | high | — | 8.0 | — | multiple issues in nim | |
| CVE-2020-28019 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a clien… | |
| CVE-2020-6420 | high | — | 8.0 | — | access restriction bypass in chromium | |
| CVE-2020-15655 | high | — | 8.0 | — | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affe… | |
| CVE-2020-16023 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-35111 | high | — | 8.0 | — | When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us… | |
| CVE-2020-28926 | high | — | 8.0 | — | ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug re… | |
| CVE-2020-5260 | high | — | 8.0 | — | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store … | |
| CVE-2020-12409 | high | — | 8.0 | — | When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | |
| CVE-2020-13112 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | |
| CVE-2020-14303 | high | — | 8.0 | — | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | |
| CVE-2020-4032 | high | — | 8.0 | — | In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1… | |
| CVE-2020-8169 | high | — | 8.0 | — | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |
| CVE-2020-25681 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge… | |
| CVE-2020-24489 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-24513 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-12405 | high | — | 8.0 | — | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and… | |
| CVE-2020-15658 | high | — | 8.0 | — | The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file typ… | |
| CVE-2020-15810 | high | — | 8.0 | — | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… | |
| CVE-2020-13113 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. | |
| CVE-2020-13904 | high | — | 8.0 | — | FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_inp… | |
| CVE-2020-15677 | high | — | 8.0 | — | By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open red… | |
| CVE-2020-36328 | high | — | 8.0 | — | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vuln… | |
| CVE-2020-10188 | high | — | 8.0 | — | utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem … | |
| CVE-2020-12662 | high | — | 8.0 | — | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | |
| CVE-2020-8177 | high | — | 8.0 | — | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |
| CVE-2020-8695 | high | — | 8.0 | — | Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |
| CVE-2020-8698 | high | — | 8.0 | — | Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-12410 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2020-13777 | high | — | 8.0 | — | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version i… | |
| CVE-2020-10745 | high | — | 8.0 | — | A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server… | |
| CVE-2020-26973 | high | — | 8.0 | — | Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird … | |
| CVE-2020-26974 | high | — | 8.0 | — | When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a poten… | |
| CVE-2020-10957 | high | — | 8.0 | — | In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. | |
| CVE-2020-25686 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of … | |
| CVE-2020-8696 | high | — | 8.0 | — | Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-4031 | high | — | 8.0 | — | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | |
| CVE-2020-15685 | high | — | 8.0 | — | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | |
| CVE-2020-12408 | high | — | 8.0 | — | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | |
| CVE-2020-35702 | high | — | 8.0 | — | DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones … | |
| CVE-2020-15995 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16032 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16043 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16028 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16026 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16035 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16042 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16027 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16038 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16036 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16031 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16014 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16037 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16019 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16030 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16025 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16024 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16021 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16020 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16018 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16012 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16016 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-15966 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15963 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15964 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6574 | high | — | 8.0 | — | multiple issues in chromium |