CVEs from 2020
- Total: 4,012
- Critical: 194
- High: 478
- Medium: 683
- Low: 58
- % Critical: 4.8%
- % with KEV: 3.6%
- % with exploit: 4.0%
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9806 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9894 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9843 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3864 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3868 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9952 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-15503 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3897 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9893 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3900 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3867 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-11793 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9803 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3865 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9925 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3862 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3895 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3901 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3885 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-3899 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9805 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-9895 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-14391 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-12465 | medium | — | 5.5 | 6y ago | An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragmen… | |||
| CVE-2020-12655 | medium | — | 5.5 | 6y ago | An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata… | |||
| CVE-2020-12659 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom val… | |||
| CVE-2020-12826 | medium | — | 5.5 | 6y ago | A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a… | |||
| CVE-2020-8648 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | |||
| CVE-2020-8647 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | |||
| CVE-2020-8649 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | |||
| CVE-2020-12770 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||
| CVE-2020-0444 | medium | — | 5.5 | 6y ago | In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution priv… | |||
| CVE-2020-14381 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is abou… | |||
| CVE-2020-0305 | medium | — | 5.5 | 6y ago | In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no… | |||
| CVE-2020-25641 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loo… | |||
| CVE-2020-11565 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, … | |||
| CVE-2020-10774 | medium | — | 5.5 | 6y ago | A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to re… | |||
| CVE-2020-10942 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | |||
| CVE-2020-10773 | medium | — | 5.5 | 6y ago | A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local us… | |||
| CVE-2020-11668 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | |||
| CVE-2020-10751 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrec… | |||
| CVE-2020-10732 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | |||
| CVE-2020-25659 | medium | — | 5.5 | 6y ago | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | |||
| CVE-2020-8252 | medium | — | 5.5 | 6y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-8201 | medium | — | 5.5 | 6y ago | Moderate: nodejs:12 security and bug fix update | |||
| CVE-2020-10756 | medium | — | 5.5 | 6y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-25613 | medium | — | 5.5 | 6y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |||
| CVE-2020-1945 | medium | — | 5.5 | 6y ago | Sensitive Data Exposure in Apache Ant | |||
| CVE-2020-2574 | medium | — | 5.5 | 6y ago | Moderate: mariadb-connector-c security, bug fix, and enhancement update | |||
| CVE-2020-2752 | medium | — | 5.5 | 6y ago | Moderate: mariadb-connector-c security, bug fix, and enhancement update | |||
| CVE-2020-2922 | medium | — | 5.5 | 6y ago | Moderate: mariadb-connector-c security, bug fix, and enhancement update | |||
| CVE-2020-7060 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7066 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7059 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7065 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7063 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7062 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-7064 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2020-12825 | medium | — | 5.5 | 6y ago | Moderate: libcroco security update | |||
| CVE-2020-7608 | medium | — | 5.5 | 6y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-8116 | medium | — | 5.5 | 6y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-1983 | medium | — | 5.5 | 6y ago | Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update | |||
| CVE-2020-15095 | medium | — | 5.5 | 6y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-15368 | medium | 5.5 | 5.5 | 6y ago | AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. | |||
| CVE-2020-13596 | medium | — | 5.5 | 6y ago | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility … | |||
| CVE-2020-13254 | medium | — | 5.5 | 6y ago | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collis… | |||
| CVE-2020-9547 | medium | — | 5.5 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-10673 | medium | — | 5.5 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-9548 | medium | — | 5.5 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-11022 | medium | — | 5.5 | 6y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2020-1702 | medium | — | 5.5 | 6y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-10672 | medium | — | 5.5 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-10663 | medium | — | 5.5 | 6y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |||
| CVE-2020-8840 | medium | — | 5.5 | 6y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2020-1935 | medium | — | 5.5 | 6y ago | Potential HTTP request smuggling in Apache Tomcat | |||
| CVE-2020-7595 | medium | — | 5.5 | 6y ago | libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation | |||
| CVE-2020-7471 | medium | — | 5.5 | 6y ago | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data … | |||
| CVE-2020-37241 | medium | 5.3 | 5.3 | 13d ago | bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can… | |||
| CVE-2020-7549 | medium | 5.3 | 5.3 | 6y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication … | |||
| CVE-2020-29372 | medium | 4.7 | 4.7 | 6y ago | An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1… | |||
| CVE-2020-37217 | medium | 4.3 | 4.3 | 16d ago | Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attack… | |||
| CVE-2020-7568 | medium | 4.3 | 4.3 | 6y ago | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when th… | |||
| CVE-2020-8166 | medium | 4.3 | 4.3 | 6y ago | Ability to forge per-form CSRF tokens in Rails | |||
| CVE-2020-9488 | low | 3.7 | 3.7 | 6y ago | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log mess… | |||
| CVE-2020-27673 | low | — | 2.5 | — | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e995… | |||
| CVE-2020-25691 | low | — | 2.5 | — | denial of service in darkhttpd | |||
| CVE-2020-24827 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||
| CVE-2020-24826 | low | — | 2.5 | — | A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||
| CVE-2020-35450 | low | — | 2.5 | — | Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | |||
| CVE-2020-16121 | low | — | 2.5 | — | PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | |||
| CVE-2020-9359 | low | — | 2.5 | — | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | |||
| CVE-2020-22026 | low | — | 2.5 | — | Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. | |||
| CVE-2020-12823 | low | — | 2.5 | — | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. | |||
| CVE-2020-24824 | low | — | 2.5 | — | A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS). | |||
| CVE-2020-27675 | low | — | 2.5 | — | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condit… | |||
| CVE-2020-18773 | low | — | 2.5 | — | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | |||
| CVE-2020-27837 | low | — | 2.5 | — | A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessin… | |||
| CVE-2020-12049 | low | — | 2.5 | — | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A loca… | |||
| CVE-2020-29562 | low | — | 2.5 | — | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, … | |||
| CVE-2020-18974 | low | — | 2.5 | — | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. |