CVEs from 2020
- Total: 4,157
- critical: 193
- high: 471
- medium: 674
- low: 57
- % Critical: 4.6%
- % with KEV: 3.5%
- % with exploit: 3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14386 | high | — | 8.0 | — | A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data conf… | |||
| CVE-2020-10957 | high | — | 8.0 | — | In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. | |||
| CVE-2020-12352 | high | — | 8.0 | — | Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | |||
| CVE-2020-12351 | high | — | 8.0 | — | Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||
| CVE-2020-0543 | high | — | 8.0 | — | Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||
| CVE-2020-6441 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-12406 | high | — | 8.0 | — | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary cod… | |||
| CVE-2020-15656 | high | — | 8.0 | — | JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only … | |||
| CVE-2020-15678 | high | — | 8.0 | — | When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClipped… | |||
| CVE-2020-1971 | high | — | 8.0 | — | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares d… | |||
| CVE-2020-4031 | high | — | 8.0 | — | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | |||
| CVE-2020-12408 | high | — | 8.0 | — | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | |||
| CVE-2020-15889 | high | — | 8.0 | — | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. | |||
| CVE-2020-13398 | high | — | 8.0 | — | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | |||
| CVE-2020-16021 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-16020 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-16018 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-16012 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-16016 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2020-15966 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-15963 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-15964 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6574 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-15961 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6490 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6483 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6481 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6468 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6573 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6496 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6493 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6509 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2020-6491 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6489 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6488 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6487 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6486 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6484 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6485 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6475 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6480 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6471 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6469 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6476 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6444 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6440 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6437 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6470 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6462 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2020-6448 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6465 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6831 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2020-6461 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2020-6447 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6445 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6464 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2020-6459 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6446 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6460 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-28008 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… | |||
| CVE-2020-16150 | high | — | 8.0 | — | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … | |||
| CVE-2020-28019 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a clien… | |||
| CVE-2020-6423 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-6420 | high | — | 8.0 | — | access restriction bypass in chromium | |||
| CVE-2020-15655 | high | — | 8.0 | — | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affe… | |||
| CVE-2020-25829 | high | — | 8.0 | — | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… | |||
| CVE-2020-16023 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2020-15676 | high | — | 8.0 | — | Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… | |||
| CVE-2020-1716 | high | — | 8.0 | — | Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update | |||
| CVE-2020-35111 | high | — | 8.0 | — | When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us… | |||
| CVE-2020-28926 | high | — | 8.0 | — | ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug re… | |||
| CVE-2020-26970 | high | — | 8.0 | — | When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, … | |||
| CVE-2020-26555 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2020-22219 | high | — | 8.0 | 3y ago | Important: flac security update | |||
| CVE-2020-28367 | high | — | 8.0 | 4y ago | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | |||
| CVE-2020-28366 | high | — | 8.0 | 4y ago | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | |||
| CVE-2020-28915 | high | — | 8.0 | 4y ago | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | |||
| CVE-2020-27838 | high | — | 8.0 | 4y ago | Keycloak discloses information without authentication | |||
| CVE-2020-7613 | high | — | 8.0 | 4y ago | Clamscan vulnerable to command injection | |||
| CVE-2020-0404 | high | — | 8.0 | 4y ago | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e… | |||
| CVE-2020-13974 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th… | |||
| CVE-2020-27820 | high | — | 8.0 | 4y ago | A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o… | |||
| CVE-2020-4788 | high | — | 8.0 | 4y ago | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | |||
| CVE-2020-10734 | high | — | 8.0 | 4y ago | OIDC Logout redirect in keycloak | |||
| CVE-2020-13692 | high | — | 8.0 | 4y ago | Improper Restriction of XML External Entity Reference | |||
| CVE-2020-1717 | high | — | 8.0 | 4y ago | Generation of Error Message Containing Sensitive Information in Keycloak | |||
| CVE-2020-1725 | high | — | 8.0 | 4y ago | Incorrect Authorization in keycloak | |||
| CVE-2020-1714 | high | — | 8.0 | 4y ago | Improper Input Validation in Keycloak | |||
| CVE-2020-14359 | high | — | 8.0 | 4y ago | Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers | |||
| CVE-2020-13935 | high | — | 8.0 | 4y ago | Infinite Loop in Apache Tomcat | |||
| CVE-2020-13934 | high | — | 8.0 | 4y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat | |||
| CVE-2020-8927 | high | — | 8.0 | 5y ago | Important: .NET 5.0 security and bugfix update | |||
| CVE-2020-25717 | high | — | 8.0 | 5y ago | Important: samba security update | |||
| CVE-2020-36385 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… | |||
| CVE-2020-14765 | high | — | 8.0 | 5y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2020-13675 | high | — | 8.0 | 5y ago | Unrestricted Upload of File with Dangerous Type in Drupal core | |||
| CVE-2020-13673 | high | — | 8.0 | 5y ago | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… | |||
| CVE-2020-13677 | high | — | 8.0 | 5y ago | Drupal core access bypass vulnerability | |||
| CVE-2020-13676 | high | — | 8.0 | 5y ago | Incorrect Authorization in Drupal core | |||
| CVE-2020-13674 | high | — | 8.0 | 5y ago | Cross-Site Request Forgery in Drupal core |