CVEs from 2020
Total
3,973
critical
critical 184
high
high 576
medium
medium 738
low
low 59
% Critical
4.6%
% with KEV
3.7%
% with exploit
5.1%
Top vendors
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10148 | unknown | — | 1.5 | 5y ago | SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. | |||
| CVE-2020-8243 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution. | |||
| CVE-2020-4006 | unknown | — | 1.5 | 5y ago | VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative config… | |||
| CVE-2020-3580 | unknown | — | 1.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful ex… | |||
| CVE-2020-3992 | unknown | — | 1.5 | 5y ago | VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution. | |||
| CVE-2020-0069 | unknown | — | 1.5 | 5y ago | Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write… | |||
| CVE-2020-1464 | unknown | — | 1.5 | 5y ago | Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files. | |||
| CVE-2020-12271 | unknown | — | 1.5 | 5y ago | Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. S… | |||
| CVE-2020-10181 | unknown | — | 1.5 | 5y ago | Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device. | |||
| CVE-2020-1020 | unknown | — | 1.5 | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… | |||
| CVE-2020-0986 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode. | |||
| CVE-2020-17144 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution. | |||
| CVE-2020-0938 | unknown | — | 1.5 | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… | |||
| CVE-2020-8195 | unknown | — | 1.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. | |||
| CVE-2020-8193 | unknown | — | 1.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacke… | |||
| CVE-2020-9859 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges. | |||
| CVE-2020-27930 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front. | |||
| CVE-2020-27950 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory. | |||
| CVE-2020-9818 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message. | |||
| CVE-2020-29583 | unknown | — | 1.5 | 5y ago | Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password. | |||
| CVE-2020-4430 | unknown | — | 1.5 | 5y ago | IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitr… | |||
| CVE-2020-25506 | unknown | — | 1.5 | 5y ago | D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution. | |||
| CVE-2020-29557 | unknown | — | 1.5 | 5y ago | D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution. | |||
| CVE-2020-9819 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message. | |||
| CVE-2020-27932 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges. | |||
| CVE-2020-8196 | unknown | — | 1.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. | |||
| CVE-2020-13671 | unknown | — | 1.5 | 6y ago | Improper sanitization in the extension file names is present in Drupal core. | |||
| CVE-2020-1956 | unknown | — | 1.5 | 6y ago | Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. | |||
| CVE-2020-0009 | unknown | — | 1.0 | — | In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared betwee… | |||
| CVE-2020-2229 | unknown | — | 1.0 | 4y ago | Jenkins Cross-Site Scripting vulnerability in help icons | |||
| CVE-2020-2231 | unknown | — | 1.0 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2020-2230 | unknown | — | 1.0 | 4y ago | Jenkins Cross-site Scripting vulnerability in project naming strategy | |||
| CVE-2020-7934 | unknown | — | 1.0 | 4y ago | Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet | |||
| CVE-2020-2096 | unknown | — | 1.0 | 4y ago | Reflected XSS vulnerability in Jenkins gitlab-hook Plugin | |||
| CVE-2020-13951 | unknown | — | 1.0 | 4y ago | Denial of service in Apache OpenMeetings | |||
| CVE-2020-35476 | unknown | — | 1.0 | 5y ago | OS Command Injection in OpenTSDB | |||
| CVE-2020-9283 | unknown | — | 1.0 | 5y ago | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accept… | |||
| CVE-2020-27347 | unknown | — | — | — | In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. | |||
| CVE-2020-27758 | unknown | — | — | — | A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of ty… | |||
| CVE-2020-27765 | unknown | — | — | — | A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.… | |||
| CVE-2020-27756 | unknown | — | — | — | In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a craft… | |||
| CVE-2020-27750 | unknown | — | — | — | A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior i… | |||
| CVE-2020-25675 | unknown | — | — | — | In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer over… | |||
| CVE-2020-25674 | unknown | — | — | — | WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible f… | |||
| CVE-2020-27760 | unknown | — | — | — | In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead … | |||
| CVE-2020-27754 | unknown | — | — | — | In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate … | |||
| CVE-2020-25667 | unknown | — | — | — | TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a cra… | |||
| CVE-2020-27753 | unknown | — | — | — | There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to … | |||
| CVE-2020-25666 | unknown | — | — | — | There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. … | |||
| CVE-2020-29569 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when st… | |||
| CVE-2020-25665 | unknown | — | — | — | The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on i… | |||
| CVE-2020-25623 | unknown | — | — | — | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. | |||
| CVE-2020-12872 | unknown | — | — | — | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than… | |||
| CVE-2020-24697 | unknown | — | — | — | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted querie… | |||
| CVE-2020-24696 | unknown | — | — | — | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or pos… | |||
| CVE-2020-15693 | unknown | — | — | — | In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as h… | |||
| CVE-2020-15692 | unknown | — | — | — | In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker… | |||
| CVE-2020-27350 | unknown | — | — | — | APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfi… | |||
| CVE-2020-15690 | unknown | — | — | — | In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | |||
| CVE-2020-21583 | unknown | — | — | — | An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date. | |||
| CVE-2020-0429 | unknown | — | — | — | In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privil… | |||
| CVE-2020-0430 | unknown | — | — | — | In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges ne… | |||
| CVE-2020-0432 | unknown | — | — | — | In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. U… | |||
| CVE-2020-0433 | unknown | — | — | — | In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges nee… | |||
| CVE-2020-10742 | unknown | — | — | — | A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmallo… | |||
| CVE-2020-0465 | unknown | — | — | — | In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges… | |||
| CVE-2020-10769 | unknown | — | — | — | A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than… | |||
| CVE-2020-25671 | unknown | — | — | — | A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. | |||
| CVE-2020-25670 | unknown | — | — | — | A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. | |||
| CVE-2020-25672 | unknown | — | — | — | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | |||
| CVE-2020-25673 | unknown | — | — | — | A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. | |||
| CVE-2020-26088 | unknown | — | — | — | A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID… | |||
| CVE-2020-36776 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreq_cooling: Fix slab OOB issue Slab OOB issue is scanned by KASAN in cpu_power_to_freq(). If power is limite… | |||
| CVE-2020-27066 | unknown | — | — | — | In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges need… | |||
| CVE-2020-27067 | unknown | — | — | — | In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ne… | |||
| CVE-2020-27068 | unknown | — | — | — | Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel | |||
| CVE-2020-36387 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. | |||
| CVE-2020-26148 | unknown | — | — | — | md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. | |||
| CVE-2020-27755 | unknown | — | — | — | in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event th… | |||
| CVE-2020-36691 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | |||
| CVE-2020-36766 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning lo… | |||
| CVE-2020-27829 | unknown | — | — | — | A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. | |||
| CVE-2020-36775 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock Using f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential deadlock like w… | |||
| CVE-2020-36778 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return i… | |||
| CVE-2020-36780 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return i… | |||
| CVE-2020-36779 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on retur… | |||
| CVE-2020-36786 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: [next] staging: media: atomisp: fix memory leak of object flash In the case where the call to lm3554_platform_data_func re… | |||
| CVE-2020-36781 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix reference leak when pm_runtime_get_sync fails In i2c_imx_xfer() and i2c_imx_remove(), the pm reference count is not… | |||
| CVE-2020-36782 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on ret… | |||
| CVE-2020-36784 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on retur… | |||
| CVE-2020-36783 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on retur… | |||
| CVE-2020-36785 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() The "s3a_buf" is freed along with all the other items on the … | |||
| CVE-2020-36787 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic Video engine uses eclk and vclk for its clock sources and its reset control is coupled wi… | |||
| CVE-2020-3702 | unknown | — | — | — | u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the… | |||
| CVE-2020-36788 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code b… | |||
| CVE-2020-36789 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a hardw… | |||
| CVE-2020-36790 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number | |||
| CVE-2020-36791 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I… | |||
| CVE-2020-11934 | unknown | — | — | — | It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DI… | |||
| CVE-2020-12062 | unknown | — | — | — | The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbit… |