CVEs from 2020
- Total: 3,801
- critical: 206
- high: 563
- medium: 744
- low: 59
- % Critical: 5.4%
- % with KEV: 3.8%
- % with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11099 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-4030 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15103 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25713 | medium | — | 5.5 | 5y ago | A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. | |||
| CVE-2020-14397 | medium | — | 5.5 | 5y ago | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | |||
| CVE-2020-25708 | medium | — | 5.5 | 5y ago | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a fl… | |||
| CVE-2020-14405 | medium | — | 5.5 | 5y ago | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | |||
| CVE-2020-11993 | medium | — | 5.5 | 5y ago | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing con… | |||
| CVE-2020-11984 | medium | — | 5.5 | 5y ago | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | |||
| CVE-2020-14363 | medium | — | 5.5 | 5y ago | RHSA-2021:1804: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14344 | medium | — | 5.5 | 5y ago | RHSA-2021:1804: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14361 | medium | — | 5.5 | 5y ago | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vul… | |||
| CVE-2020-14347 | medium | — | 5.5 | 5y ago | A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could r… | |||
| CVE-2020-25712 | medium | — | 5.5 | 5y ago | A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data … | |||
| CVE-2020-14360 | medium | — | 5.5 | 5y ago | A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerabi… | |||
| CVE-2020-14346 | medium | — | 5.5 | 5y ago | A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat … | |||
| CVE-2020-14345 | medium | — | 5.5 | 5y ago | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerab… | |||
| CVE-2020-14362 | medium | — | 5.5 | 5y ago | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vul… | |||
| CVE-2020-25653 | medium | — | 5.5 | 5y ago | A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice… | |||
| CVE-2020-25652 | medium | — | 5.5 | 5y ago | A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any … | |||
| CVE-2020-25650 | medium | — | 5.5 | 5y ago | A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path … | |||
| CVE-2020-25651 | medium | — | 5.5 | 5y ago | A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active fil… | |||
| CVE-2020-12695 | medium | — | 5.5 | 5y ago | RHSA-2021:1789: gssdp and gupnp security update (Moderate) | |||
| CVE-2020-25707 | medium | — | 5.5 | 5y ago | RHSA-2021:1762: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25637 | medium | — | 5.5 | 5y ago | RHSA-2021:1762: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-29129 | medium | — | 5.5 | 5y ago | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | |||
| CVE-2020-28916 | medium | — | 5.5 | 5y ago | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | |||
| CVE-2020-27821 | medium | — | 5.5 | 5y ago | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MM… | |||
| CVE-2020-11947 | medium | — | 5.5 | 5y ago | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | |||
| CVE-2020-25723 | medium | — | 5.5 | 5y ago | A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged us… | |||
| CVE-2020-29130 | medium | — | 5.5 | 5y ago | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | |||
| CVE-2020-29443 | medium | — | 5.5 | 5y ago | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | |||
| CVE-2020-16092 | medium | — | 5.5 | 5y ago | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw t… | |||
| CVE-2020-17507 | medium | — | 5.5 | 5y ago | RHSA-2021:1756: qt5-qtbase security and bug fix update (Moderate) | |||
| CVE-2020-12867 | medium | — | 5.5 | 5y ago | RHSA-2021:1744: sane-backends security update (Moderate) | |||
| CVE-2020-25647 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-27749 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-14372 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-27779 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-25632 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-14318 | medium | — | 5.5 | 5y ago | RHSA-2021:1647: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14323 | medium | — | 5.5 | 5y ago | RHSA-2021:1647: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24330 | medium | — | 5.5 | 5y ago | RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24331 | medium | — | 5.5 | 5y ago | RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24332 | medium | — | 5.5 | 5y ago | RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-29362 | medium | — | 5.5 | 5y ago | RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-29363 | medium | — | 5.5 | 5y ago | RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-29361 | medium | — | 5.5 | 5y ago | RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-26571 | medium | — | 5.5 | 5y ago | RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-26570 | medium | — | 5.5 | 5y ago | RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-26572 | medium | — | 5.5 | 5y ago | RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-27153 | medium | — | 5.5 | 5y ago | RHSA-2021:1598: bluez security update (Moderate) | |||
| CVE-2020-16125 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-9983 | medium | — | 5.5 | 5y ago | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. | |||
| CVE-2020-9951 | medium | — | 5.5 | 5y ago | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2020-13543 | medium | — | 5.5 | 5y ago | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code … | |||
| CVE-2020-13584 | medium | — | 5.5 | 5y ago | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code executio… | |||
| CVE-2020-9948 | medium | — | 5.5 | 5y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2020-27618 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15011 | medium | — | 5.5 | 5y ago | RHSA-2021:1751: mailman:2.1 security update (Moderate) | |||
| CVE-2020-15358 | medium | — | 5.5 | 5y ago | RHSA-2021:1581: sqlite security update (Moderate) | |||
| CVE-2020-24977 | medium | — | 5.5 | 5y ago | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | |||
| CVE-2020-28935 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-28196 | medium | — | 5.5 | 5y ago | RHSA-2021:1593: krb5 security update (Moderate) | |||
| CVE-2020-10878 | medium | — | 5.5 | 5y ago | RHSA-2021:1678: perl security and bug fix update (Moderate) | |||
| CVE-2020-8231 | medium | — | 5.5 | 5y ago | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | |||
| CVE-2020-8285 | medium | — | 5.5 | 5y ago | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | |||
| CVE-2020-8284 | medium | — | 5.5 | 5y ago | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about ser… | |||
| CVE-2020-13776 | medium | — | 5.5 | 5y ago | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user acc… | |||
| CVE-2020-8286 | medium | — | 5.5 | 5y ago | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | |||
| CVE-2020-10543 | medium | — | 5.5 | 5y ago | RHSA-2021:1678: perl security and bug fix update (Moderate) | |||
| CVE-2020-12108 | medium | — | 5.5 | 5y ago | RHSA-2021:1751: mailman:2.1 security update (Moderate) | |||
| CVE-2020-26117 | medium | — | 5.5 | 5y ago | RHSA-2021:1783: tigervnc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7754 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-1747 | medium | — | 5.5 | 5y ago | RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2020-35678 | medium | — | 5.5 | 5y ago | Autobahn|Python before 20.12.3 allows redirect header injection. | |||
| CVE-2020-28473 | medium | — | 5.5 | 5y ago | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), … | |||
| CVE-2020-28374 | medium | — | 5.5 | 5y ago | In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via direct… | |||
| CVE-2020-35518 | medium | — | 5.5 | 5y ago | RHSA-2021:1086: 389-ds:1.4 security and bug fix update (Moderate) | |||
| CVE-2020-28463 | medium | — | 5.5 | 5y ago | All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Step… | |||
| CVE-2020-7774 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-14343 | medium | — | 5.5 | 5y ago | RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2020-28493 | medium | — | 5.5 | 5y ago | RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2020-24583 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level d… | |||
| CVE-2020-24584 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's st… | |||
| CVE-2020-35653 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2020-35655 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2020-35654 | medium | — | 5.5 | 5y ago | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | |||
| CVE-2020-13949 | medium | — | 5.5 | 5y ago | Uncontrolled Resource Consumption in Apache Thrift | |||
| CVE-2020-8265 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-8287 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-12400 | medium | — | 5.5 | 5y ago | When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects F… | |||
| CVE-2020-12723 | medium | — | 5.5 | 5y ago | RHSA-2021:0557: perl security update (Moderate) | |||
| CVE-2020-12401 | medium | — | 5.5 | 5y ago | During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This… | |||
| CVE-2020-6829 | medium | — | 5.5 | 5y ago | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-m… | |||
| CVE-2020-12403 | medium | — | 5.5 | 5y ago | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly di… | |||
| CVE-2020-36242 | medium | — | 5.5 | 5y ago | RHSA-2021:1608: python-cryptography security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11979 | medium | — | 5.5 | 5y ago | Code injection in Apache Ant | |||
| CVE-2020-26272 | medium | — | 5.5 | 5y ago | IPC messages delivered to the wrong frame in Electron | |||
| CVE-2020-27783 | medium | — | 5.5 | 6y ago | RHSA-2021:1898: python-lxml security update (Moderate) |