CVEs from 2020
Total
4,010
critical
critical 194
high
high 479
medium
medium 679
low
low 57
% Critical
4.8%
% with KEV
3.6%
% with exploit
4.0%
Top vendors
- oracle 339
- schneider-electric 136
- netapp 12
- fasterxml 8
- denx 2
- nsasoft 1
- rubyonrails 1
- google 1
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2762 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14547 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14540 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14559 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14620 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14619 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14553 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14656 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14651 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2780 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2020-14631 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14702 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14614 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14624 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2570 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2903 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2893 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2774 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2925 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2924 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2923 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2928 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2921 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14634 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2904 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14725 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2898 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2896 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2895 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2897 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2853 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2686 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14799 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2759 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2579 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2761 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2573 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14623 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14632 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2679 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-14697 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2577 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-2589 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2020-11538 | high | — | 8.0 | 6y ago | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | |||
| CVE-2020-8172 | high | — | 8.0 | 6y ago | Important: nodejs:12 security update | |||
| CVE-2020-8174 | high | — | 8.0 | 6y ago | Important: nodejs:12 security update | |||
| CVE-2020-11080 | high | — | 8.0 | 6y ago | Important: nodejs:12 security update | |||
| CVE-2020-1938 | medium | — | 8.0 | 6y ago | Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploit… | |||
| CVE-2020-9402 | high | — | 8.0 | 6y ago | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a sui… | |||
| CVE-2020-9484 | high | — | 8.0 | 6y ago | Potential remote code execution in Apache Tomcat | |||
| CVE-2020-11945 | high | — | 8.0 | 6y ago | Important: squid:4 security update | |||
| CVE-2020-1967 | high | — | 8.0 | 6y ago | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signat… | |||
| CVE-2020-7039 | high | — | 8.0 | 6y ago | Important: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-1711 | high | — | 8.0 | 6y ago | Important: virt:rhel security and bug fix update | |||
| CVE-2020-8608 | high | — | 8.0 | 6y ago | Important: virt:rhel security update | |||
| CVE-2020-7598 | high | — | 8.0 | 6y ago | Important: nodejs:12 security update | |||
| CVE-2020-5313 | high | — | 8.0 | 6y ago | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | |||
| CVE-2020-10531 | high | — | 8.0 | 6y ago | Important: nodejs:10 security update | |||
| CVE-2020-8597 | high | — | 8.0 | 6y ago | Important: ppp security update | |||
| CVE-2020-37247 | high | 7.8 | 7.8 | 13d ago | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers … | |||
| CVE-2020-37232 | high | 7.8 | 7.8 | 13d ago | Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Atta… | |||
| CVE-2020-37231 | high | 7.8 | 7.8 | 13d ago | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta… | |||
| CVE-2020-37230 | high | 7.8 | 7.8 | 13d ago | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path… | |||
| CVE-2020-37229 | high | 7.8 | 7.8 | 13d ago | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu… | |||
| CVE-2020-37223 | high | 7.8 | 7.8 | 16d ago | IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a maliciou… | |||
| CVE-2020-10648 | high | 7.8 | 7.8 | 6y ago | Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default con… | |||
| CVE-2020-37245 | high | 7.5 | 7.5 | 13d ago | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequ… | |||
| CVE-2020-37220 | high | 7.5 | 7.5 | 16d ago | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer… | |||
| CVE-2020-37219 | high | 7.5 | 7.5 | 16d ago | Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET reques… | |||
| CVE-2020-37130 | high | 7.5 | 7.5 | 4mo ago | Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 byte… | |||
| CVE-2020-37015 | high | 7.5 | 7.5 | 4mo ago | The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file p… | |||
| CVE-2020-37011 | high | 7.5 | 7.5 | 4mo ago | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially cr… | |||
| CVE-2020-25720 | high | 7.5 | 7.5 | 2y ago | A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-se… | |||
| CVE-2020-16927 | high | 7.5 | 7.5 | 6y ago | <p>A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfull… | |||
| CVE-2020-7488 | high | 7.5 | 7.5 | 6y ago | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 cont… | |||
| CVE-2020-7477 | high | 7.5 | 7.5 | 6y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethern… | |||
| CVE-2020-7565 | high | 7.3 | 7.3 | 6y ago | A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured … | |||
| CVE-2020-37222 | high | 7.2 | 7.2 | 16d ago | Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoi… | |||
| CVE-2020-37226 | high | 7.1 | 7.1 | 16d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… | |||
| CVE-2020-37224 | high | 7.1 | 7.1 | 16d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… | |||
| CVE-2020-36193 | medium | — | 7.0 | 5y ago | PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-sour… | |||
| CVE-2020-17103 | high | 7.0 | 7.0 | 6y ago | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||
| CVE-2020-28209 | high | 7.0 | 7.0 | 6y ago | A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any… | |||
| CVE-2020-11023 | medium | — | 7.0 | 6y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2020-28220 | medium | 6.8 | 6.8 | 6y ago | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion softw… | |||
| CVE-2020-9850 | medium | — | 6.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-37240 | medium | 6.4 | 6.4 | 13d ago | Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can ins… | |||
| CVE-2020-37238 | medium | 6.4 | 6.4 | 13d ago | CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers… | |||
| CVE-2020-37237 | medium | 6.4 | 6.4 | 13d ago | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers wi… | |||
| CVE-2020-37236 | medium | 6.4 | 6.4 | 13d ago | NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news additio… | |||
| CVE-2020-37235 | medium | 6.4 | 6.4 | 13d ago | WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parame… | |||
| CVE-2020-37233 | medium | 6.4 | 6.4 | 13d ago | WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the fi… | |||
| CVE-2020-37225 | medium | 6.4 | 6.4 | 16d ago | Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in… | |||
| CVE-2020-37246 | medium | 6.2 | 6.2 | 13d ago | Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers ca… | |||
| CVE-2020-37234 | medium | 6.2 | 6.2 | 13d ago | Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can … | |||
| CVE-2020-28210 | medium | 6.1 | 6.1 | 6y ago | A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker … | |||
| CVE-2020-6829 | medium | — | 5.5 | — | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-m… | |||
| CVE-2020-26142 | medium | — | 5.5 | — | insufficient validation in linux | |||
| CVE-2020-10932 | medium | — | 5.5 | — | An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) rec… | |||
| CVE-2020-12108 | medium | — | 5.5 | — | Moderate: mailman:2.1 security update |