CVEs from 2020
- Total: 4,011
- Critical: 194
- High: 478
- Medium: 683
- Low: 57
- % Critical: 4.8%
- % with KEV: 3.6%
- % with exploit: 4.0%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
- financial_services_institutional_performance_analytics 10
- communications_contacts_server 9

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9862 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9802 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9895 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9893 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-15503 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9803 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-11793 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3894 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9843 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3900 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3901 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-10018 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3895 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3868 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3864 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9806 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3867 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9807 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-14391 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3885 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3862 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9925 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9952 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-10942 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | |||
| CVE-2020-8647 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | |||
| CVE-2020-8649 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | |||
| CVE-2020-8648 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | |||
| CVE-2020-10774 | medium | — | 5.5 | 6y ago | A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to re… | |||
| CVE-2020-12465 | medium | — | 5.5 | 6y ago | An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragmen… | |||
| CVE-2020-11668 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | |||
| CVE-2020-14381 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is abou… | |||
| CVE-2020-12655 | medium | — | 5.5 | 6y ago | An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata… | |||
| CVE-2020-12659 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom val… | |||
| CVE-2020-12770 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||
| CVE-2020-12826 | medium | — | 5.5 | 6y ago | A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a… | |||
| CVE-2020-10751 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrec… | |||
| CVE-2020-0444 | medium | — | 5.5 | 6y ago | In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution priv… | |||
| CVE-2020-10732 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | |||
| CVE-2020-10773 | medium | — | 5.5 | 6y ago | A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local us… | |||
| CVE-2020-11565 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, … | |||
| CVE-2020-25641 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loo… | |||
| CVE-2020-0305 | medium | — | 5.5 | 6y ago | In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no… | |||
| CVE-2020-25659 | medium | — | 5.5 | 6y ago | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | |||
| CVE-2020-8252 | medium | — | 5.5 | 6y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-8201 | medium | — | 5.5 | 6y ago | Moderate: nodejs:12 security and bug fix update | |||
| CVE-2020-10756 | medium | — | 5.5 | 6y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-25613 | medium | — | 5.5 | 6y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |||
| CVE-2020-1945 | medium | — | 5.5 | 6y ago | Sensitive Data Exposure in Apache Ant | |||
| CVE-2020-2922 | medium | — | 5.5 | 6y ago | Moderate: mariadb-connector-c security, bug fix, and enhancement update | |||
| CVE-2020-2574 | medium | — | 5.5 | 6y ago | Moderate: mariadb-connector-c security, bug fix, and enhancement update | |||
| CVE-2020-2752 | medium | — | 5.5 | 6y ago | Moderate: mariadb-connector-c security, bug fix, and enhancement update | |||
| CVE-2020-7064 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7059 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7060 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7062 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7063 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7066 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7065 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-12825 | medium | — | 5.5 | 6y ago | Moderate: libcroco security update | |||
| CVE-2020-7608 | medium | — | 5.5 | 6y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-8116 | medium | — | 5.5 | 6y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-1983 | medium | — | 5.5 | 6y ago | Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update | |||
| CVE-2020-15095 | medium | — | 5.5 | 6y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-15368 | medium | 5.5 | 5.5 | 6y ago | AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. | |||
| CVE-2020-13596 | medium | — | 5.5 | 6y ago | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility … | |||
| CVE-2020-13254 | medium | — | 5.5 | 6y ago | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collis… | |||
| CVE-2020-9547 | medium | — | 5.5 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-10673 | medium | — | 5.5 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-9548 | medium | — | 5.5 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-11022 | medium | — | 5.5 | 6y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2020-1702 | medium | — | 5.5 | 6y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-10672 | medium | — | 5.5 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-10663 | medium | — | 5.5 | 6y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |||
| CVE-2020-8840 | medium | — | 5.5 | 6y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2020-1935 | medium | — | 5.5 | 6y ago | Potential HTTP request smuggling in Apache Tomcat | |||
| CVE-2020-7595 | medium | — | 5.5 | 6y ago | libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation | |||
| CVE-2020-7471 | medium | — | 5.5 | 6y ago | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data … | |||
| CVE-2020-37241 | medium | 5.3 | 5.3 | 13d ago | bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can… | |||
| CVE-2020-7549 | medium | 5.3 | 5.3 | 6y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication … | |||
| CVE-2020-29372 | medium | 4.7 | 4.7 | 6y ago | An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1… | |||
| CVE-2020-37217 | medium | 4.3 | 4.3 | 16d ago | Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attack… | |||
| CVE-2020-7568 | medium | 4.3 | 4.3 | 6y ago | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when th… | |||
| CVE-2020-8166 | medium | 4.3 | 4.3 | 6y ago | Ability to forge per-form CSRF tokens in Rails | |||
| CVE-2020-24823 | low | — | 2.5 | — | A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||
| CVE-2020-24827 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||
| CVE-2020-9359 | low | — | 2.5 | — | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | |||
| CVE-2020-12755 | low | — | 2.5 | — | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended… | |||
| CVE-2020-24825 | low | — | 2.5 | — | A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||
| CVE-2020-35112 | low | — | 2.5 | — | If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an … | |||
| CVE-2020-22024 | low | — | 2.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. | |||
| CVE-2020-28030 | low | — | 2.5 | — | In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | |||
| CVE-2020-18773 | low | — | 2.5 | — | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | |||
| CVE-2020-36317 | low | — | 2.5 | — | In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could res… | |||
| CVE-2020-25219 | low | — | 2.5 | — | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. T… | |||
| CVE-2020-24822 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||
| CVE-2020-18974 | low | — | 2.5 | — | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | |||
| CVE-2020-20448 | low | — | 2.5 | — | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | |||
| CVE-2020-3898 | low | — | 2.5 | — | Low: cups security and bug fix update | |||
| CVE-2020-13950 | low | — | 2.5 | — | Low: httpd:2.4 security update | |||
| CVE-2020-22026 | low | — | 2.5 | — | Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. |