CVEs from 2020
Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-14634 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14619 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14553 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14539 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14614 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14651 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2760 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |
| CVE-2020-2763 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2580 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14597 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14633 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2660 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2574 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |
| CVE-2020-2780 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |
| CVE-2020-2903 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14680 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2893 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2774 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2765 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2901 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2804 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14641 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2570 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2759 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2762 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2686 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2588 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2589 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2577 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2752 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |
| CVE-2020-14697 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-2814 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |
| CVE-2020-14643 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14632 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14623 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14550 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-14624 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2020-11538 | high | — | 8.0 | 6y ago | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | |
| CVE-2020-8172 | high | — | 8.0 | 6y ago | Important: nodejs:12 security update | |
| CVE-2020-8174 | high | — | 8.0 | 6y ago | Important: nodejs:12 security update | |
| CVE-2020-11080 | high | — | 8.0 | 6y ago | Important: nodejs:12 security update | |
| CVE-2020-9402 | high | — | 8.0 | 6y ago | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a sui… | |
| CVE-2020-9484 | high | — | 8.0 | 6y ago | Potential remote code execution in Apache Tomcat | |
| CVE-2020-11945 | high | — | 8.0 | 6y ago | Important: squid:4 security update | |
| CVE-2020-1967 | high | — | 8.0 | 6y ago | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signat… | |
| CVE-2020-7039 | high | — | 8.0 | 6y ago | Important: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-1711 | high | — | 8.0 | 6y ago | Important: virt:rhel security and bug fix update | |
| CVE-2020-8608 | high | — | 8.0 | 6y ago | Important: virt:rhel security update | |
| CVE-2020-7598 | high | — | 8.0 | 6y ago | Important: nodejs:12 security update | |
| CVE-2020-5313 | high | — | 8.0 | 6y ago | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | |
| CVE-2020-10531 | high | — | 8.0 | 6y ago | Important: nodejs:10 security update | |
| CVE-2020-8597 | high | — | 8.0 | 6y ago | Important: ppp security update | |
| CVE-2020-37247 | high | 7.8 | 7.8 | 12d ago | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers … | |
| CVE-2020-37232 | high | 7.8 | 7.8 | 12d ago | Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Atta… | |
| CVE-2020-37231 | high | 7.8 | 7.8 | 12d ago | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta… | |
| CVE-2020-37230 | high | 7.8 | 7.8 | 12d ago | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path… | |
| CVE-2020-37229 | high | 7.8 | 7.8 | 12d ago | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu… | |
| CVE-2020-37223 | high | 7.8 | 7.8 | 15d ago | IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a maliciou… | |
| CVE-2020-10648 | high | 7.8 | 7.8 | 6y ago | Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default con… | |
| CVE-2020-37245 | high | 7.5 | 7.5 | 12d ago | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequ… | |
| CVE-2020-37220 | high | 7.5 | 7.5 | 15d ago | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer… | |
| CVE-2020-37219 | high | 7.5 | 7.5 | 15d ago | Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET reques… | |
| CVE-2020-37130 | high | 7.5 | 7.5 | 4mo ago | Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 byte… | |
| CVE-2020-37015 | high | 7.5 | 7.5 | 4mo ago | The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file p… | |
| CVE-2020-37011 | high | 7.5 | 7.5 | 4mo ago | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially cr… | |
| CVE-2020-25720 | high | 7.5 | 7.5 | 2y ago | A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-se… | |
| CVE-2020-37222 | high | 7.2 | 7.2 | 15d ago | Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoi… | |
| CVE-2020-37226 | high | 7.1 | 7.1 | 15d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… | |
| CVE-2020-37224 | high | 7.1 | 7.1 | 15d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… | |
| CVE-2020-17103 | high | 7.0 | 7.0 | 6y ago | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |
| CVE-2020-24822 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-12823 | low | — | 2.5 | — | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. | |
| CVE-2020-36317 | low | — | 2.5 | — | In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could res… | |
| CVE-2020-28030 | low | — | 2.5 | — | In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | |
| CVE-2020-9359 | low | — | 2.5 | — | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | |
| CVE-2020-25639 | low | — | 2.5 | — | A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This fl… | |
| CVE-2020-22024 | low | — | 2.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. | |
| CVE-2020-35450 | low | — | 2.5 | — | Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | |
| CVE-2020-29562 | low | — | 2.5 | — | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, … | |
| CVE-2020-13950 | low | — | 2.5 | — | Low: httpd:2.4 security update | |
| CVE-2020-22028 | low | — | 2.5 | — | Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. | |
| CVE-2020-12049 | low | — | 2.5 | — | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A loca… | |
| CVE-2020-16121 | low | — | 2.5 | — | PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | |
| CVE-2020-18974 | low | — | 2.5 | — | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | |
| CVE-2020-24821 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-24823 | low | — | 2.5 | — | A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-14196 | low | — | 2.5 | — | In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. | |
| CVE-2020-25691 | low | — | 2.5 | — | denial of service in darkhttpd | |
| CVE-2020-24827 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-20448 | low | — | 2.5 | — | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | |
| CVE-2020-24825 | low | — | 2.5 | — | A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-15466 | low | — | 2.5 | — | In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. | |
| CVE-2020-27837 | low | — | 2.5 | — | A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessin… | |
| CVE-2020-3898 | low | — | 2.5 | — | Low: cups security and bug fix update | |
| CVE-2020-18773 | low | — | 2.5 | — | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | |
| CVE-2020-24826 | low | — | 2.5 | — | A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |
| CVE-2020-27673 | low | — | 2.5 | — | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e995… | |
| CVE-2020-36318 | low | — | 2.5 | — | In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or doub… | |
| CVE-2020-27675 | low | — | 2.5 | — | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condit… | |
| CVE-2020-11867 | low | — | 2.5 | — | Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and… |