CVEs from 2020
- Total: 4,012
- Critical: 194
- High: 478
- Medium: 683
- Low: 58
- % Critical: 4.8%
- % with KEV: 3.6%
- % with exploit: 4.0%
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28635 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28634 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-6097 | medium | — | 5.5 | — | An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() ca… | |||
| CVE-2020-28633 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28636 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->… | |||
| CVE-2020-27748 | medium | — | 5.5 | — | A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderb… | |||
| CVE-2020-36230 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | |||
| CVE-2020-26420 | medium | — | 5.5 | — | Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-28621 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-18972 | medium | — | 5.5 | — | Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | |||
| CVE-2020-22019 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. | |||
| CVE-2020-26977 | medium | — | 5.5 | — | By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects F… | |||
| CVE-2020-15358 | medium | — | 5.5 | — | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | |||
| CVE-2020-35634 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() s… | |||
| CVE-2020-12740 | medium | — | 5.5 | — | tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | |||
| CVE-2020-8112 | medium | — | 5.5 | — | opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. | |||
| CVE-2020-12272 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsin… | |||
| CVE-2020-28049 | medium | — | 5.5 | — | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server with… | |||
| CVE-2020-8231 | medium | — | 5.5 | — | Moderate: curl security and bug fix update | |||
| CVE-2020-35518 | medium | — | 5.5 | — | information disclosure in 389-ds-base | |||
| CVE-2020-36401 | medium | — | 5.5 | — | mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). | |||
| CVE-2020-36152 | medium | — | 5.5 | — | Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. | |||
| CVE-2020-23932 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2020-35766 | medium | — | 5.5 | — | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c… | |||
| CVE-2020-36148 | medium | — | 5.5 | — | Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protec… | |||
| CVE-2020-11653 | medium | — | 5.5 | — | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There … | |||
| CVE-2020-35635 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB r… | |||
| CVE-2020-37174 | medium | 5.5 | 5.5 | 16d ago | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design … | |||
| CVE-2020-37169 | medium | 5.5 | 5.5 | 16d ago | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u… | |||
| CVE-2020-36855 | medium | 5.5 | 5.5 | 7mo ago | A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stac… | |||
| CVE-2020-16156 | medium | — | 5.5 | 1y ago | Moderate: perl-CPAN security update | |||
| CVE-2020-13790 | medium | — | 5.5 | 1y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2020-27792 | medium | — | 5.5 | 1y ago | A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF fil… | |||
| CVE-2020-10135 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |||
| CVE-2020-27827 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2020-36777 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`… | |||
| CVE-2020-18651 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |||
| CVE-2020-25656 | medium | — | 5.5 | 2y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2020-18652 | medium | — | 5.5 | 2y ago | Moderate: exempi security update | |||
| CVE-2020-15778 | medium | — | 5.5 | 2y ago | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that t… | |||
| CVE-2020-36024 | medium | — | 5.5 | 2y ago | Moderate: poppler security update | |||
| CVE-2020-18770 | medium | — | 5.5 | 2y ago | Moderate: zziplib security update | |||
| CVE-2020-14370 | medium | — | 5.5 | 2y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-28991 | medium | — | 5.5 | 2y ago | Improper Access Control in Gitea | |||
| CVE-2020-28241 | medium | — | 5.5 | 2y ago | Moderate: libmaxminddb security update | |||
| CVE-2020-35177 | medium | — | 5.5 | 2y ago | Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2020-28053 | medium | — | 5.5 | 2y ago | Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-25201 | medium | — | 5.5 | 2y ago | Denial of service in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-22217 | medium | — | 5.5 | 3y ago | Moderate: c-ares security update | |||
| CVE-2020-12762 | medium | — | 5.5 | 3y ago | Moderate: libfastjson security update | |||
| CVE-2020-24736 | medium | — | 5.5 | 3y ago | Moderate: sqlite security update | |||
| CVE-2020-36518 | medium | — | 5.5 | 3y ago | Moderate: pki-core:10.6 and pki-deps:10.6 security update | |||
| CVE-2020-17049 | medium | — | 5.5 | 3y ago | Moderate: krb5 security, bug fix, and enhancement update | |||
| CVE-2020-36516 | medium | — | 5.5 | 4y ago | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP… | |||
| CVE-2020-28852 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |||
| CVE-2020-28851 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |||
| CVE-2020-0256 | medium | — | 5.5 | 4y ago | Moderate: gdisk security update | |||
| CVE-2020-36558 | medium | — | 5.5 | 4y ago | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | |||
| CVE-2020-10735 | medium | — | 5.5 | 4y ago | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for… | |||
| CVE-2020-35525 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |||
| CVE-2020-35527 | medium | — | 5.5 | 4y ago | Moderate: sqlite security update | |||
| CVE-2020-7788 | medium | — | 5.5 | 4y ago | Moderate: nodejs:14 security, bug fix, and enhancement update | |||
| CVE-2020-28469 | medium | — | 5.5 | 4y ago | Moderate: nodejs:14 security, bug fix, and enhancement update | |||
| CVE-2020-35509 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Improper Certificate Validation | |||
| CVE-2020-29652 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-1695 | medium | — | 5.5 | 4y ago | Improper Input Validation in RESTEasy | |||
| CVE-2020-25864 | medium | — | 5.5 | 4y ago | HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul | |||
| CVE-2020-10770 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Server-Side Request Forgery | |||
| CVE-2020-24303 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-11110 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-10749 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-13430 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-12458 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-12459 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-12245 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2020-1726 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2020-35492 | medium | — | 5.5 | 4y ago | Moderate: cairo and pixman security and bug fix update | |||
| CVE-2020-35452 | medium | — | 5.5 | 4y ago | Moderate: httpd:2.4 security and bug fix update | |||
| CVE-2020-19131 | medium | — | 5.5 | 4y ago | Moderate: libtiff security update | |||
| CVE-2020-18898 | medium | — | 5.5 | 4y ago | Moderate: compat-exiv2-026 security update | |||
| CVE-2020-27826 | medium | — | 5.5 | 4y ago | Authentication Bypass in keycloak | |||
| CVE-2020-29509 | medium | — | 5.5 | 4y ago | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that … | |||
| CVE-2020-15366 | medium | — | 5.5 | 4y ago | Moderate: nodejs:10 security update | |||
| CVE-2020-11996 | medium | — | 5.5 | 4y ago | Uncontrolled Resource Consumption in Apache Tomcat | |||
| CVE-2020-17527 | medium | — | 5.5 | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |||
| CVE-2020-14366 | medium | — | 5.5 | 4y ago | Path Traversal | |||
| CVE-2020-11988 | medium | — | 5.5 | 4y ago | Server-side request forgery (SSRF) in Apache XmlGraphics Commons | |||
| CVE-2020-24553 | medium | — | 5.5 | 4y ago | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | |||
| CVE-2020-11987 | medium | — | 5.5 | 4y ago | Server-side request forgery (SSRF) in Apache Batik | |||
| CVE-2020-25719 | medium | — | 5.5 | 5y ago | Moderate: idm:DL1 security update | |||
| CVE-2020-13435 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |||
| CVE-2020-10001 | medium | — | 5.5 | 5y ago | Moderate: cups security and bug fix update | |||
| CVE-2020-13558 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-29623 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-24870 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-36241 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-27918 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2020-14145 | medium | — | 5.5 | 5y ago | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connect… | |||
| CVE-2020-35448 | medium | — | 5.5 | 5y ago | Moderate: binutils security update | |||
| CVE-2020-29368 | medium | — | 5.5 | 5y ago | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a T… |