CVEs from 2020
- Total: 3,976
- Critical: 169
- High: 590
- Medium: 739
- Low: 59
- % Critical: 4.3%
- % with KEV: 3.7%
- % with exploit: 4.0%
Top vendors
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12108 | medium | — | 5.5 | 5y ago | RHSA-2021:1751: mailman:2.1 security update (Moderate) | |||
| CVE-2020-10878 | medium | — | 5.5 | 5y ago | RHSA-2021:1678: perl security and bug fix update (Moderate) | |||
| CVE-2020-15011 | medium | — | 5.5 | 5y ago | RHSA-2021:1751: mailman:2.1 security update (Moderate) | |||
| CVE-2020-28196 | medium | — | 5.5 | 5y ago | RHSA-2021:1593: krb5 security update (Moderate) | |||
| CVE-2020-8284 | medium | — | 5.5 | 5y ago | RHSA-2021:1610: curl security and bug fix update (Moderate) | |||
| CVE-2020-8285 | medium | — | 5.5 | 5y ago | RHSA-2021:1610: curl security and bug fix update (Moderate) | |||
| CVE-2020-8286 | medium | — | 5.5 | 5y ago | RHSA-2021:1610: curl security and bug fix update (Moderate) | |||
| CVE-2020-13776 | medium | — | 5.5 | 5y ago | RHSA-2021:1611: systemd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7754 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-1747 | medium | — | 5.5 | 5y ago | RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2020-35678 | medium | — | 5.5 | 5y ago | Autobahn|Python before 20.12.3 allows redirect header injection. | |||
| CVE-2020-28473 | medium | — | 5.5 | 5y ago | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), … | |||
| CVE-2020-35518 | medium | — | 5.5 | 5y ago | RHSA-2021:1086: 389-ds:1.4 security and bug fix update (Moderate) | |||
| CVE-2020-28463 | medium | — | 5.5 | 5y ago | All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Step… | |||
| CVE-2020-7774 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-14343 | medium | — | 5.5 | 5y ago | RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2020-28493 | medium | — | 5.5 | 5y ago | RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2020-24583 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level d… | |||
| CVE-2020-24584 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's st… | |||
| CVE-2020-35653 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2020-35655 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2020-35654 | medium | — | 5.5 | 5y ago | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | |||
| CVE-2020-13949 | medium | — | 5.5 | 5y ago | Uncontrolled Resource Consumption in Apache Thrift | |||
| CVE-2020-8265 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-8287 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-12400 | medium | — | 5.5 | 5y ago | RHSA-2021:0538: nss security and bug fix update (Moderate) | |||
| CVE-2020-12401 | medium | — | 5.5 | 5y ago | RHSA-2021:0538: nss security and bug fix update (Moderate) | |||
| CVE-2020-12403 | medium | — | 5.5 | 5y ago | RHSA-2021:0538: nss security and bug fix update (Moderate) | |||
| CVE-2020-12723 | medium | — | 5.5 | 5y ago | RHSA-2021:0557: perl security update (Moderate) | |||
| CVE-2020-6829 | medium | — | 5.5 | 5y ago | RHSA-2021:0538: nss security and bug fix update (Moderate) | |||
| CVE-2020-36242 | medium | — | 5.5 | 5y ago | RHSA-2021:1608: python-cryptography security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11979 | medium | — | 5.5 | 5y ago | Code injection in Apache Ant | |||
| CVE-2020-26272 | medium | — | 5.5 | 5y ago | IPC messages delivered to the wrong frame in Electron | |||
| CVE-2020-27783 | medium | — | 5.5 | 6y ago | RHSA-2021:1898: python-lxml security update (Moderate) | |||
| CVE-2020-26297 | medium | — | 5.5 | 6y ago | XSS in mdBook's search page | |||
| CVE-2020-26275 | medium | — | 5.5 | 6y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version … | |||
| CVE-2020-13249 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14789 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14812 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14776 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8277 | medium | — | 5.5 | 6y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-25654 | medium | — | 5.5 | 6y ago | RHSA-2020:5487: pacemaker security update (Moderate) | |||
| CVE-2020-16166 | medium | — | 5.5 | 6y ago | RHSA-2020:5506: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2020-24659 | medium | — | 5.5 | 6y ago | RHSA-2020:5483: gnutls security and bug fix update (Moderate) | |||
| CVE-2020-28214 | medium | 5.5 | 5.5 | 6y ago | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictiona… | |||
| CVE-2020-26257 | medium | — | 5.5 | 6y ago | Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed e… | |||
| CVE-2020-28948 | medium | — | 5.5 | 6y ago | RHSA-2022:6542: php:7.4 security update (Moderate) | |||
| CVE-2020-28941 | medium | 5.5 | 5.5 | 6y ago | An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack… | |||
| CVE-2020-15266 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte… | |||
| CVE-2020-15265 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens… | |||
| CVE-2020-11653 | medium | — | 5.5 | 6y ago | RHSA-2020:4756: varnish:6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10730 | medium | — | 5.5 | 6y ago | RHSA-2020:4568: libldb security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-6405 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2020-8624 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8632 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8631 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12137 | medium | — | 5.5 | 6y ago | RHSA-2020:4667: mailman:2.1 security and bug fix update (Moderate) | |||
| CVE-2020-0198 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12767 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15720 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1721 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0182 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8177 | medium | — | 5.5 | 6y ago | RHSA-2020:4599: curl security and bug fix update (Moderate) | |||
| CVE-2020-1930 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-0556 | medium | — | 5.5 | 6y ago | RHSA-2020:4481: bluez security update (Moderate) | |||
| CVE-2020-1730 | medium | — | 5.5 | 6y ago | RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14382 | medium | — | 5.5 | 6y ago | RHSA-2020:4542: cryptsetup security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0093 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0181 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10737 | medium | — | 5.5 | 6y ago | RHSA-2020:4687: oddjob security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1931 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-1752 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1751 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8619 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8622 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13867 | medium | — | 5.5 | 6y ago | RHSA-2020:4697: targetcli security and enhancement update (Moderate) | |||
| CVE-2020-8623 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-9327 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2020-25715 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13114 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13113 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10029 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25690 | medium | — | 5.5 | 6y ago | RHSA-2020:4844: fontforge security update (Moderate) | |||
| CVE-2020-10958 | medium | — | 5.5 | 6y ago | RHSA-2020:4763: dovecot security update (Moderate) | |||
| CVE-2020-10967 | medium | — | 5.5 | 6y ago | RHSA-2020:4763: dovecot security update (Moderate) | |||
| CVE-2020-1934 | medium | — | 5.5 | 6y ago | RHSA-2020:4751: httpd:2.4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1927 | medium | — | 5.5 | 6y ago | RHSA-2020:4751: httpd:2.4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8450 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8449 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24606 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14058 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15049 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0570 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-13962 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-0569 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-12052 | medium | — | 5.5 | 6y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14339 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14301 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10703 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1722 | medium | — | 5.5 | 6y ago | RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) |