CVEs from 2020
Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-35730 | high | — | 9.5 | 3y ago | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference el… | |
| CVE-2020-6418 | high | — | 9.5 | 5y ago | multiple issues in chromium | |
| CVE-2020-16017 | high | — | 9.5 | 6y ago | Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2020-16013 | high | — | 9.5 | 6y ago | Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could… | |
| CVE-2020-15999 | high | — | 9.5 | 6y ago | Important: freetype security update | |
| CVE-2020-37227 | high | 8.8 | 8.8 | 12d ago | HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can… | |
| CVE-2020-11113 | high | 8.8 | 8.8 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |
| CVE-2020-11112 | high | 8.8 | 8.8 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |
| CVE-2020-37221 | high | 8.4 | 8.4 | 15d ago | Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc… | |
| CVE-2020-37244 | high | 8.2 | 8.2 | 12d ago | Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' p… | |
| CVE-2020-37243 | high | 8.2 | 8.2 | 12d ago | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl acti… | |
| CVE-2020-37242 | high | 8.2 | 8.2 | 12d ago | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parame… | |
| CVE-2020-37218 | high | 8.2 | 8.2 | 15d ago | Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | |
| CVE-2020-37004 | high | 8.2 | 8.2 | 4mo ago | The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attac… | |
| CVE-2020-36183 | high | 8.1 | 8.1 | 6y ago | Unsafe Deserialization in jackson-databind | |
| CVE-2020-35728 | high | 8.1 | 8.1 | 6y ago | Serialization gadget exploit in jackson-databind | |
| CVE-2020-14060 | high | 8.1 | 8.1 | 6y ago | Deserialization of untrusted data in Jackson Databind | |
| CVE-2020-14062 | high | 8.1 | 8.1 | 6y ago | Deserialization of untrusted data in Jackson Databind | |
| CVE-2020-11619 | high | 8.1 | 8.1 | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |
| CVE-2020-25684 | high | — | 8.0 | — | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… | |
| CVE-2020-14302 | high | — | 8.0 | — | multiple issues in keycloak | |
| CVE-2020-26164 | high | — | 8.0 | — | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a De… | |
| CVE-2020-6441 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6443 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15888 | high | — | 8.0 | — | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. | |
| CVE-2020-10730 | high | — | 8.0 | — | A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped wit… | |
| CVE-2020-35111 | high | — | 8.0 | — | When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us… | |
| CVE-2020-6495 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-26971 | high | — | 8.0 | — | Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefo… | |
| CVE-2020-6420 | high | — | 8.0 | — | access restriction bypass in chromium | |
| CVE-2020-16023 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16039 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-25829 | high | — | 8.0 | — | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… | |
| CVE-2020-16119 | high | — | 8.0 | — | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ub… | |
| CVE-2020-6431 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28016 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. | |
| CVE-2020-6579 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6456 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6433 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28011 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. | |
| CVE-2020-8625 | high | — | 8.0 | — | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not … | |
| CVE-2020-15238 | high | — | 8.0 | — | Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe… | |
| CVE-2020-6458 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6455 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28018 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. | |
| CVE-2020-28013 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the i… | |
| CVE-2020-6450 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-24490 | high | — | 8.0 | — | Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. | |
| CVE-2020-15675 | high | — | 8.0 | — | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | |
| CVE-2020-6428 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6430 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6505 | high | — | 8.0 | — | Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2020-28026 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline … | |
| CVE-2020-35733 | high | — | 8.0 | — | certificate verification bypass in erlang | |
| CVE-2020-13871 | high | — | 8.0 | — | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | |
| CVE-2020-12398 | high | — | 8.0 | — | If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent … | |
| CVE-2020-28014 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. | |
| CVE-2020-16032 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15889 | high | — | 8.0 | — | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. | |
| CVE-2020-6442 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6436 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6438 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12406 | high | — | 8.0 | — | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary cod… | |
| CVE-2020-6439 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28009 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation … | |
| CVE-2020-16030 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16019 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16014 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16037 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6425 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16025 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16024 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16031 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6422 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6452 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-15965 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-24511 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-15656 | high | — | 8.0 | — | JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only … | |
| CVE-2020-15678 | high | — | 8.0 | — | When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClipped… | |
| CVE-2020-1971 | high | — | 8.0 | — | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares d… | |
| CVE-2020-6407 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6429 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6435 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16042 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16038 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16027 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16035 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16026 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6427 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16036 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16028 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16043 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-8696 | high | — | 8.0 | — | Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-6434 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6432 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-24512 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-6474 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16034 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28017 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… | |
| CVE-2020-6449 | high | — | 8.0 | — | multiple issues in chromium |