CVEs from 2020
- Total 4,160
- critical 193
- high 470
- medium 675
- low 56
- % Critical 4.6%
- % with KEV 3.5%
- % with exploit 3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-15366 | medium | — | 5.5 | 4y ago | Moderate: nodejs:10 security update | |
| CVE-2020-11996 | medium | — | 5.5 | 4y ago | Uncontrolled Resource Consumption in Apache Tomcat | |
| CVE-2020-17527 | medium | — | 5.5 | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |
| CVE-2020-14366 | medium | — | 5.5 | 4y ago | Path Traversal | |
| CVE-2020-11988 | medium | — | 5.5 | 4y ago | Server-side request forgery (SSRF) in Apache XmlGraphics Commons | |
| CVE-2020-24553 | medium | — | 5.5 | 4y ago | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | |
| CVE-2020-11987 | medium | — | 5.5 | 4y ago | Server-side request forgery (SSRF) in Apache Batik | |
| CVE-2020-25719 | medium | — | 5.5 | 5y ago | Moderate: idm:DL1 security update | |
| CVE-2020-13435 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2020-10001 | medium | — | 5.5 | 5y ago | Moderate: cups security and bug fix update | |
| CVE-2020-36241 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2020-24870 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2020-27918 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2020-29623 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2020-13558 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2020-14145 | medium | — | 5.5 | 5y ago | Moderate: openssh security update | |
| CVE-2020-35448 | medium | — | 5.5 | 5y ago | Moderate: binutils security update | |
| CVE-2020-13529 | medium | — | 5.5 | 5y ago | Moderate: NetworkManager security, bug fix, and enhancement update | |
| CVE-2020-26139 | medium | — | 5.5 | 5y ago | An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be… | |
| CVE-2020-26145 | medium | — | 5.5 | 5y ago | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and proces… | |
| CVE-2020-26141 | medium | — | 5.5 | 5y ago | An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adver… | |
| CVE-2020-26147 | medium | — | 5.5 | 5y ago | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused … | |
| CVE-2020-24587 | medium | — | 5.5 | 5y ago | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An a… | |
| CVE-2020-24502 | medium | — | 5.5 | 5y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2020-26143 | medium | — | 5.5 | 5y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2020-36386 | medium | — | 5.5 | 5y ago | An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. | |
| CVE-2020-36312 | medium | — | 5.5 | 5y ago | An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. | |
| CVE-2020-36158 | medium | — | 5.5 | 5y ago | mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID… | |
| CVE-2020-24588 | medium | — | 5.5 | 5y ago | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authentica… | |
| CVE-2020-24586 | medium | — | 5.5 | 5y ago | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting … | |
| CVE-2020-24504 | medium | — | 5.5 | 5y ago | Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local acces… | |
| CVE-2020-0427 | medium | — | 5.5 | 5y ago | In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User inter… | |
| CVE-2020-26144 | medium | — | 5.5 | 5y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2020-29368 | medium | — | 5.5 | 5y ago | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a T… | |
| CVE-2020-27777 | medium | — | 5.5 | 5y ago | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors … | |
| CVE-2020-26140 | medium | — | 5.5 | 5y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2020-26146 | medium | — | 5.5 | 5y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2020-29660 | medium | — | 5.5 | 5y ago | A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIO… | |
| CVE-2020-24503 | medium | — | 5.5 | 5y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2020-1946 | medium | — | 5.5 | 5y ago | Moderate: spamassassin security update | |
| CVE-2020-17541 | medium | — | 5.5 | 5y ago | Moderate: libjpeg-turbo security and bug fix update | |
| CVE-2020-18032 | medium | — | 5.5 | 5y ago | Moderate: graphviz security update | |
| CVE-2020-27823 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2020-27845 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2020-27814 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2020-27843 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2020-15389 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2020-27824 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2020-27842 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2020-35523 | medium | — | 5.5 | 5y ago | Moderate: libtiff security and bug fix update | |
| CVE-2020-35521 | medium | — | 5.5 | 5y ago | Moderate: libtiff security and bug fix update | |
| CVE-2020-35524 | medium | — | 5.5 | 5y ago | Moderate: libtiff security and bug fix update | |
| CVE-2020-35522 | medium | — | 5.5 | 5y ago | Moderate: libtiff security and bug fix update | |
| CVE-2020-27828 | medium | — | 5.5 | 5y ago | Moderate: jasper security update | |
| CVE-2020-36332 | medium | — | 5.5 | 5y ago | Moderate: libwebp security update | |
| CVE-2020-36331 | medium | — | 5.5 | 5y ago | Moderate: libwebp security update | |
| CVE-2020-36330 | medium | — | 5.5 | 5y ago | Moderate: libwebp security update | |
| CVE-2020-7071 | medium | — | 5.5 | 5y ago | Moderate: php:7.4 security, bug fix, and enhancement update | |
| CVE-2020-7068 | medium | — | 5.5 | 5y ago | Moderate: php:7.4 security, bug fix, and enhancement update | |
| CVE-2020-7070 | medium | — | 5.5 | 5y ago | Moderate: php:7.4 security, bug fix, and enhancement update | |
| CVE-2020-7069 | medium | — | 5.5 | 5y ago | Moderate: php:7.4 security, bug fix, and enhancement update | |
| CVE-2020-15859 | medium | — | 5.5 | 5y ago | Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update | |
| CVE-2020-28896 | medium | — | 5.5 | 5y ago | Moderate: mutt security, bug fix, and enhancement update | |
| CVE-2020-27619 | medium | — | 5.5 | 5y ago | Moderate: python38:3.8 and python38-devel:3.8 security update | |
| CVE-2020-8561 | medium | — | 5.5 | 5y ago | A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver re… | |
| CVE-2020-14809 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14891 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14860 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14790 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14844 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14839 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14786 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14794 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14672 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14791 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14821 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14845 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14814 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14804 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14828 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14830 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14829 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14836 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14769 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14785 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14888 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14866 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14777 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14837 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14861 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14868 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14800 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14793 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14873 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14852 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14773 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14848 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14870 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14846 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2020-14838 | medium | — | 5.5 | 5y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |