CVEs from 2020
Total
4,634
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.2%
% with KEV
3.2%
% with exploit
3.2%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-26972 | high | — | 8.0 | — | The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check w… | |
| CVE-2020-26978 | high | — | 8.0 | — | Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerabi… | |
| CVE-2020-28026 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline … | |
| CVE-2020-28019 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a clien… | |
| CVE-2020-16023 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28926 | high | — | 8.0 | — | ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug re… | |
| CVE-2020-12663 | high | — | 8.0 | — | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | |
| CVE-2020-5260 | high | — | 8.0 | — | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store … | |
| CVE-2020-13114 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | |
| CVE-2020-12767 | high | — | 8.0 | — | exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | |
| CVE-2020-0548 | high | — | 8.0 | — | Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-12409 | high | — | 8.0 | — | When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | |
| CVE-2020-15675 | high | — | 8.0 | — | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | |
| CVE-2020-12398 | high | — | 8.0 | — | If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent … | |
| CVE-2020-14303 | high | — | 8.0 | — | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | |
| CVE-2020-14387 | high | — | 8.0 | — | A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing… | |
| CVE-2020-15166 | high | — | 8.0 | — | In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con… | |
| CVE-2020-25683 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who… | |
| CVE-2020-24489 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-24513 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-1716 | high | — | 8.0 | — | Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update | |
| CVE-2020-6463 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-15811 | high | — | 8.0 | — | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… | |
| CVE-2020-36328 | high | — | 8.0 | — | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vuln… | |
| CVE-2020-13777 | high | — | 8.0 | — | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version i… | |
| CVE-2020-28008 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… | |
| CVE-2020-6424 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6427 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6485 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-0543 | high | — | 8.0 | — | Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-6422 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-24490 | high | — | 8.0 | — | Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. | |
| CVE-2020-6429 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6450 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6407 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6428 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6452 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6430 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6431 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6432 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6433 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-25684 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… | |
| CVE-2020-6435 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6425 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6436 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6438 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6442 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6439 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6456 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6460 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6446 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6459 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-36329 | high | — | 8.0 | — | A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and inte… | |
| CVE-2020-6464 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-8835 | high | — | 8.0 | — | In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel … | |
| CVE-2020-6445 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6447 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6461 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6831 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6465 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6448 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6462 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6470 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6437 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6440 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6444 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6476 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6469 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6471 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6480 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12406 | high | — | 8.0 | — | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary cod… | |
| CVE-2020-6475 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-26555 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2020-22219 | high | — | 8.0 | 3y ago | Important: flac security update | |
| CVE-2020-28367 | high | — | 8.0 | 4y ago | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | |
| CVE-2020-28366 | high | — | 8.0 | 4y ago | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | |
| CVE-2020-28915 | high | — | 8.0 | 4y ago | Important: kernel-rt security and bug fix update | |
| CVE-2020-27838 | high | — | 8.0 | 4y ago | Keycloak discloses information without authentication | |
| CVE-2020-7613 | high | — | 8.0 | 4y ago | Clamscan vulnerable to command injection | |
| CVE-2020-13974 | high | — | 8.0 | 4y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2020-27820 | high | — | 8.0 | 4y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2020-0404 | high | — | 8.0 | 4y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2020-4788 | high | — | 8.0 | 4y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2020-10734 | high | — | 8.0 | 4y ago | OIDC Logout redirect in keycloak | |
| CVE-2020-13692 | high | — | 8.0 | 4y ago | Improper Restriction of XML External Entity Reference | |
| CVE-2020-1717 | high | — | 8.0 | 4y ago | Generation of Error Message Containing Sensitive Information in Keycloak | |
| CVE-2020-1725 | high | — | 8.0 | 4y ago | Incorrect Authorization in keycloak | |
| CVE-2020-1714 | high | — | 8.0 | 4y ago | Improper Input Validation in Keycloak | |
| CVE-2020-14359 | high | — | 8.0 | 4y ago | Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers | |
| CVE-2020-13935 | high | — | 8.0 | 4y ago | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could t… | |
| CVE-2020-13934 | high | — | 8.0 | 4y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat | |
| CVE-2020-8927 | high | — | 8.0 | 5y ago | Important: .NET 5.0 security and bugfix update | |
| CVE-2020-25717 | high | — | 8.0 | 5y ago | Important: samba security update | |
| CVE-2020-36385 | high | — | 8.0 | 5y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2020-14765 | high | — | 8.0 | 5y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |
| CVE-2020-13675 | high | — | 8.0 | 5y ago | Unrestricted Upload of File with Dangerous Type in Drupal core | |
| CVE-2020-13673 | high | — | 8.0 | 5y ago | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… | |
| CVE-2020-13677 | high | — | 8.0 | 5y ago | Drupal core access bypass vulnerability | |
| CVE-2020-13676 | high | — | 8.0 | 5y ago | Incorrect Authorization in Drupal core | |
| CVE-2020-13674 | high | — | 8.0 | 5y ago | Cross-Site Request Forgery in Drupal core |