CVEs from 2020
Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-6437 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6470 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6462 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6448 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6465 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6831 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6461 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6447 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6445 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6464 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6459 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6446 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6460 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-35176 | high | — | 8.0 | — | In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… | |
| CVE-2020-35733 | high | — | 8.0 | — | certificate verification bypass in erlang | |
| CVE-2020-28010 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). | |
| CVE-2020-28011 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. | |
| CVE-2020-16150 | high | — | 8.0 | — | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … | |
| CVE-2020-28008 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… | |
| CVE-2020-6423 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15675 | high | — | 8.0 | — | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | |
| CVE-2020-26970 | high | — | 8.0 | — | When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, … | |
| CVE-2020-25829 | high | — | 8.0 | — | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… | |
| CVE-2020-28016 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. | |
| CVE-2020-14302 | high | — | 8.0 | — | multiple issues in keycloak | |
| CVE-2020-26164 | high | — | 8.0 | — | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a De… | |
| CVE-2020-6579 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12407 | high | — | 8.0 | — | Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the u… | |
| CVE-2020-6443 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15888 | high | — | 8.0 | — | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. | |
| CVE-2020-26971 | high | — | 8.0 | — | Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefo… | |
| CVE-2020-26976 | high | — | 8.0 | — | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … | |
| CVE-2020-11008 | high | — | 8.0 | — | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q… | |
| CVE-2020-25685 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only u… | |
| CVE-2020-12663 | high | — | 8.0 | — | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | |
| CVE-2020-6426 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6473 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6494 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6505 | high | — | 8.0 | — | Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2020-16034 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6472 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6474 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15652 | high | — | 8.0 | — | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulne… | |
| CVE-2020-23171 | high | — | 8.0 | — | multiple issues in nim | |
| CVE-2020-15655 | high | — | 8.0 | — | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affe… | |
| CVE-2020-0548 | high | — | 8.0 | — | Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-25681 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge… | |
| CVE-2020-24489 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-24513 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-12405 | high | — | 8.0 | — | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and… | |
| CVE-2020-13113 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. | |
| CVE-2020-13904 | high | — | 8.0 | — | FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_inp… | |
| CVE-2020-25682 | high | — | 8.0 | — | A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the n… | |
| CVE-2020-8177 | high | — | 8.0 | — | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |
| CVE-2020-8695 | high | — | 8.0 | — | Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |
| CVE-2020-8698 | high | — | 8.0 | — | Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-8617 | high | — | 8.0 | — | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the se… | |
| CVE-2020-13777 | high | — | 8.0 | — | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version i… | |
| CVE-2020-5208 | high | — | 8.0 | — | It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote co… | |
| CVE-2020-10957 | high | — | 8.0 | — | In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. | |
| CVE-2020-4031 | high | — | 8.0 | — | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | |
| CVE-2020-15960 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6575 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6482 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6477 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28023 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. | |
| CVE-2020-3123 | high | — | 8.0 | — | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … | |
| CVE-2020-28025 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might le… | |
| CVE-2020-28014 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. | |
| CVE-2020-28017 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… | |
| CVE-2020-6507 | high | — | 8.0 | — | Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-15676 | high | — | 8.0 | — | Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… | |
| CVE-2020-26555 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2020-22219 | high | — | 8.0 | 3y ago | Important: flac security update | |
| CVE-2020-28367 | high | — | 8.0 | 4y ago | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | |
| CVE-2020-28366 | high | — | 8.0 | 4y ago | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | |
| CVE-2020-28915 | high | — | 8.0 | 4y ago | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | |
| CVE-2020-27838 | high | — | 8.0 | 4y ago | Keycloak discloses information without authentication | |
| CVE-2020-7613 | high | — | 8.0 | 4y ago | Clamscan vulnerable to command injection | |
| CVE-2020-0404 | high | — | 8.0 | 4y ago | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e… | |
| CVE-2020-13974 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th… | |
| CVE-2020-4788 | high | — | 8.0 | 4y ago | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | |
| CVE-2020-27820 | high | — | 8.0 | 4y ago | A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o… | |
| CVE-2020-10734 | high | — | 8.0 | 4y ago | OIDC Logout redirect in keycloak | |
| CVE-2020-13692 | high | — | 8.0 | 4y ago | Improper Restriction of XML External Entity Reference | |
| CVE-2020-1717 | high | — | 8.0 | 4y ago | Generation of Error Message Containing Sensitive Information in Keycloak | |
| CVE-2020-1725 | high | — | 8.0 | 4y ago | Incorrect Authorization in keycloak | |
| CVE-2020-1714 | high | — | 8.0 | 4y ago | Improper Input Validation in Keycloak | |
| CVE-2020-14359 | high | — | 8.0 | 4y ago | Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers | |
| CVE-2020-13935 | high | — | 8.0 | 4y ago | Infinite Loop in Apache Tomcat | |
| CVE-2020-13934 | high | — | 8.0 | 4y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat | |
| CVE-2020-8927 | high | — | 8.0 | 5y ago | Important: .NET 5.0 security and bugfix update | |
| CVE-2020-25717 | high | — | 8.0 | 5y ago | Important: samba security update | |
| CVE-2020-36385 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… | |
| CVE-2020-14765 | high | — | 8.0 | 5y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |
| CVE-2020-13675 | high | — | 8.0 | 5y ago | Unrestricted Upload of File with Dangerous Type in Drupal core | |
| CVE-2020-13673 | high | — | 8.0 | 5y ago | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… | |
| CVE-2020-13677 | high | — | 8.0 | 5y ago | Drupal core access bypass vulnerability | |
| CVE-2020-13676 | high | — | 8.0 | 5y ago | Incorrect Authorization in Drupal core | |
| CVE-2020-13674 | high | — | 8.0 | 5y ago | Cross-Site Request Forgery in Drupal core |