CVEs from 2020
Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-12460 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a spe… | |
| CVE-2020-28631 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-35632 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-29511 | medium | — | 5.5 | — | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that be… | |
| CVE-2020-28049 | medium | — | 5.5 | — | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server with… | |
| CVE-2020-8618 | medium | — | 5.5 | — | An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clie… | |
| CVE-2020-28610 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-7957 | medium | — | 5.5 | — | The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a den… | |
| CVE-2020-8112 | medium | — | 5.5 | — | opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. | |
| CVE-2020-35636 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially cra… | |
| CVE-2020-28616 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-28612 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-0198 | medium | — | 5.5 | — | In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. … | |
| CVE-2020-8284 | medium | — | 5.5 | — | Moderate: curl security and bug fix update | |
| CVE-2020-28611 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-28607 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-28603 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-26412 | medium | — | 5.5 | — | information disclosure in gitlab | |
| CVE-2020-25693 | medium | — | 5.5 | — | A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can l… | |
| CVE-2020-25718 | medium | — | 5.5 | — | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | |
| CVE-2020-22037 | medium | — | 5.5 | — | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. | |
| CVE-2020-36222 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. | |
| CVE-2020-6851 | medium | — | 5.5 | — | OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. | |
| CVE-2020-15078 | medium | — | 5.5 | — | OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentia… | |
| CVE-2020-11810 | medium | — | 5.5 | — | An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arri… | |
| CVE-2020-35498 | medium | — | 5.5 | — | A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow i… | |
| CVE-2020-15720 | medium | — | 5.5 | — | Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update | |
| CVE-2020-25715 | medium | — | 5.5 | — | Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update | |
| CVE-2020-21603 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file. | |
| CVE-2020-21599 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. | |
| CVE-2020-28629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-28628 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |
| CVE-2020-22015 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Deni… | |
| CVE-2020-27748 | medium | — | 5.5 | — | A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderb… | |
| CVE-2020-11736 | medium | — | 5.5 | — | Moderate: file-roller security update | |
| CVE-2020-36225 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |
| CVE-2020-35512 | medium | — | 5.5 | — | A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharin… | |
| CVE-2020-18771 | medium | — | 5.5 | — | Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. | |
| CVE-2020-37174 | medium | 5.5 | 5.5 | 15d ago | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design … | |
| CVE-2020-37169 | medium | 5.5 | 5.5 | 15d ago | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u… | |
| CVE-2020-36855 | medium | 5.5 | 5.5 | 7mo ago | A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stac… | |
| CVE-2020-16156 | medium | — | 5.5 | 1y ago | Moderate: perl-CPAN security update | |
| CVE-2020-13790 | medium | — | 5.5 | 1y ago | Moderate: libjpeg-turbo security update | |
| CVE-2020-27792 | medium | — | 5.5 | 1y ago | Moderate: ghostscript security update | |
| CVE-2020-10135 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |
| CVE-2020-27827 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |
| CVE-2020-36777 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`… | |
| CVE-2020-18651 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |
| CVE-2020-36024 | medium | — | 5.5 | 2y ago | Moderate: poppler security update | |
| CVE-2020-18652 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |
| CVE-2020-15778 | medium | — | 5.5 | 2y ago | Moderate: openssh security update | |
| CVE-2020-25656 | medium | — | 5.5 | 2y ago | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access … | |
| CVE-2020-18770 | medium | — | 5.5 | 2y ago | Moderate: zziplib security update | |
| CVE-2020-14370 | medium | — | 5.5 | 2y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-28991 | medium | — | 5.5 | 2y ago | Improper Access Control in Gitea | |
| CVE-2020-28241 | medium | — | 5.5 | 2y ago | Moderate: libmaxminddb security update | |
| CVE-2020-35177 | medium | — | 5.5 | 2y ago | Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault | |
| CVE-2020-28053 | medium | — | 5.5 | 2y ago | Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul | |
| CVE-2020-25201 | medium | — | 5.5 | 2y ago | Denial of service in HashiCorp Consul in github.com/hashicorp/consul | |
| CVE-2020-22217 | medium | — | 5.5 | 3y ago | Moderate: c-ares security update | |
| CVE-2020-12762 | medium | — | 5.5 | 3y ago | Moderate: libfastjson security update | |
| CVE-2020-24736 | medium | — | 5.5 | 3y ago | Moderate: sqlite security update | |
| CVE-2020-36518 | medium | — | 5.5 | 3y ago | Deeply nested json in jackson-databind | |
| CVE-2020-17049 | medium | — | 5.5 | 3y ago | Moderate: krb5 security, bug fix, and enhancement update | |
| CVE-2020-28852 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |
| CVE-2020-36516 | medium | — | 5.5 | 4y ago | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP… | |
| CVE-2020-28851 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |
| CVE-2020-36558 | medium | — | 5.5 | 4y ago | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | |
| CVE-2020-0256 | medium | — | 5.5 | 4y ago | Moderate: gdisk security update | |
| CVE-2020-10735 | medium | — | 5.5 | 4y ago | Moderate: python3.9 security update | |
| CVE-2020-35525 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |
| CVE-2020-35527 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |
| CVE-2020-28469 | medium | — | 5.5 | 4y ago | Moderate: nodejs and nodejs-nodemon security and bug fix update | |
| CVE-2020-7788 | medium | — | 5.5 | 4y ago | Moderate: nodejs:10 security update | |
| CVE-2020-35509 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Improper Certificate Validation | |
| CVE-2020-29652 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-1695 | medium | — | 5.5 | 4y ago | Improper Input Validation in RESTEasy | |
| CVE-2020-25864 | medium | — | 5.5 | 4y ago | HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul | |
| CVE-2020-10770 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Server-Side Request Forgery | |
| CVE-2020-24303 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-11110 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-10749 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-13430 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-12458 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-12459 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-12245 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2020-1726 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2020-35492 | medium | — | 5.5 | 4y ago | Moderate: cairo and pixman security and bug fix update | |
| CVE-2020-35452 | medium | — | 5.5 | 4y ago | Moderate: httpd:2.4 security and bug fix update | |
| CVE-2020-19131 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |
| CVE-2020-18898 | medium | — | 5.5 | 4y ago | Moderate: compat-exiv2-026 security update | |
| CVE-2020-27826 | medium | — | 5.5 | 4y ago | Authentication Bypass in keycloak | |
| CVE-2020-29509 | medium | — | 5.5 | 4y ago | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that … | |
| CVE-2020-15366 | medium | — | 5.5 | 4y ago | Moderate: nodejs:10 security update | |
| CVE-2020-11996 | medium | — | 5.5 | 4y ago | Uncontrolled Resource Consumption in Apache Tomcat | |
| CVE-2020-17527 | medium | — | 5.5 | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |
| CVE-2020-14366 | medium | — | 5.5 | 4y ago | Path Traversal | |
| CVE-2020-11988 | medium | — | 5.5 | 4y ago | Server-side request forgery (SSRF) in Apache XmlGraphics Commons | |
| CVE-2020-24553 | medium | — | 5.5 | 4y ago | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | |
| CVE-2020-11987 | medium | — | 5.5 | 4y ago | Server-side request forgery (SSRF) in Apache Batik |