CVEs from 2020
Total
4,010
critical
critical 194
high
high 479
medium
medium 679
low
low 57
% Critical
4.8%
% with KEV
3.6%
% with exploit
4.0%
Top vendors
- oracle 339
- schneider-electric 136
- netapp 12
- fasterxml 8
- denx 2
- nsasoft 1
- rubyonrails 1
- google 1
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24331 | medium | — | 5.5 | 5y ago | Moderate: trousers security, bug fix, and enhancement update | |||
| CVE-2020-29363 | medium | — | 5.5 | 5y ago | Moderate: p11-kit security, bug fix, and enhancement update | |||
| CVE-2020-29362 | medium | — | 5.5 | 5y ago | Moderate: p11-kit security, bug fix, and enhancement update | |||
| CVE-2020-29361 | medium | — | 5.5 | 5y ago | Moderate: p11-kit security, bug fix, and enhancement update | |||
| CVE-2020-26571 | medium | — | 5.5 | 5y ago | Moderate: opensc security, bug fix, and enhancement update | |||
| CVE-2020-26572 | medium | — | 5.5 | 5y ago | Moderate: opensc security, bug fix, and enhancement update | |||
| CVE-2020-26570 | medium | — | 5.5 | 5y ago | Moderate: opensc security, bug fix, and enhancement update | |||
| CVE-2020-27153 | medium | — | 5.5 | 5y ago | Moderate: bluez security update | |||
| CVE-2020-16125 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9951 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-13543 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-13584 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9948 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9983 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-27618 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |||
| CVE-2020-7754 | medium | — | 5.5 | 5y ago | Moderate: nodejs:12 security update | |||
| CVE-2020-1747 | medium | — | 5.5 | 5y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |||
| CVE-2020-35678 | medium | — | 5.5 | 5y ago | Autobahn|Python before 20.12.3 allows redirect header injection. | |||
| CVE-2020-28473 | medium | — | 5.5 | 5y ago | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), … | |||
| CVE-2020-28463 | medium | — | 5.5 | 5y ago | All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Step… | |||
| CVE-2020-7774 | medium | — | 5.5 | 5y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-14343 | medium | — | 5.5 | 5y ago | Moderate: python38:3.8 and python38-devel:3.8 security update | |||
| CVE-2020-28493 | medium | — | 5.5 | 5y ago | Moderate: python-jinja2 security update | |||
| CVE-2020-24583 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level d… | |||
| CVE-2020-24584 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's st… | |||
| CVE-2020-35653 | medium | — | 5.5 | 5y ago | Moderate: python-pillow security update | |||
| CVE-2020-35655 | medium | — | 5.5 | 5y ago | Moderate: python-pillow security update | |||
| CVE-2020-35654 | medium | — | 5.5 | 5y ago | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | |||
| CVE-2020-13949 | medium | — | 5.5 | 5y ago | Uncontrolled Resource Consumption in Apache Thrift | |||
| CVE-2020-8265 | medium | — | 5.5 | 5y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-8287 | medium | — | 5.5 | 5y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-36242 | medium | — | 5.5 | 5y ago | In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrate… | |||
| CVE-2020-11979 | medium | — | 5.5 | 5y ago | Code injection in Apache Ant | |||
| CVE-2020-26272 | medium | — | 5.5 | 5y ago | IPC messages delivered to the wrong frame in Electron | |||
| CVE-2020-27783 | medium | — | 5.5 | 6y ago | Moderate: python27:2.7 security and bug fix update | |||
| CVE-2020-26297 | medium | — | 5.5 | 6y ago | XSS in mdBook's search page | |||
| CVE-2020-26275 | medium | — | 5.5 | 6y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version … | |||
| CVE-2020-13249 | medium | — | 5.5 | 6y ago | Moderate: mariadb-connector-c security, bug fix, and enhancement update | |||
| CVE-2020-8277 | medium | — | 5.5 | 6y ago | Moderate: nodejs:14 security and bug fix update | |||
| CVE-2020-25654 | medium | — | 5.5 | 6y ago | Moderate: pacemaker security update | |||
| CVE-2020-28214 | medium | 5.5 | 5.5 | 6y ago | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictiona… | |||
| CVE-2020-26257 | medium | — | 5.5 | 6y ago | Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed e… | |||
| CVE-2020-28948 | medium | — | 5.5 | 6y ago | Moderate: php:7.4 security update | |||
| CVE-2020-15266 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte… | |||
| CVE-2020-15265 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens… | |||
| CVE-2020-25690 | medium | — | 5.5 | 6y ago | Moderate: fontforge security update | |||
| CVE-2020-10958 | medium | — | 5.5 | 6y ago | Moderate: dovecot security update | |||
| CVE-2020-10967 | medium | — | 5.5 | 6y ago | Moderate: dovecot security update | |||
| CVE-2020-1927 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2020-1934 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2020-8450 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2020-14058 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2020-24606 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2020-8449 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2020-15049 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2020-0569 | medium | — | 5.5 | 6y ago | Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update | |||
| CVE-2020-0570 | medium | — | 5.5 | 6y ago | Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update | |||
| CVE-2020-13962 | medium | — | 5.5 | 6y ago | Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update | |||
| CVE-2020-12052 | medium | — | 5.5 | 6y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-10703 | medium | — | 5.5 | 6y ago | A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more de… | |||
| CVE-2020-14339 | medium | — | 5.5 | 6y ago | A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapp… | |||
| CVE-2020-14301 | medium | — | 5.5 | 6y ago | An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows… | |||
| CVE-2020-1722 | medium | — | 5.5 | 6y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2020-11019 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11525 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11040 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11087 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11049 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11085 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11045 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11043 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11047 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11046 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11039 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-13396 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11526 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11041 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-13397 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11048 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11522 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11044 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11042 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11058 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11038 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11086 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11018 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11088 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-11089 | medium | — | 5.5 | 6y ago | Moderate: freerdp and vinagre security, bug fix, and enhancement update | |||
| CVE-2020-14422 | medium | — | 5.5 | 6y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |||
| CVE-2020-8492 | medium | — | 5.5 | 6y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |||
| CVE-2020-12831 | medium | — | 5.5 | 6y ago | Moderate: frr security and bug fix update | |||
| CVE-2020-9894 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3895 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9807 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3867 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9893 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9862 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9915 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-10018 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3899 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update |