CVEs from 2020
- Total: 3,803
- Critical: 206
- High: 563
- Medium: 744
- Low: 59
- % Critical: 5.4%
- % with KEV: 3.8%
- % with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11099 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) |
| CVE-2020-4030 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) |
| CVE-2020-15103 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) |
| CVE-2020-25713 | medium | — | 5.5 | | | | 5y ago | A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. |
| CVE-2020-25708 | medium | — | 5.5 | | | | 5y ago | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a fl… |
| CVE-2020-14397 | medium | — | 5.5 | | | | 5y ago | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. |
| CVE-2020-14405 | medium | — | 5.5 | | | | 5y ago | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. |
| CVE-2020-11984 | medium | — | 5.5 | | | | 5y ago | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE |
| CVE-2020-11993 | medium | — | 5.5 | | | | 5y ago | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing con… |
| CVE-2020-25712 | medium | — | 5.5 | | | | 5y ago | A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data … |
| CVE-2020-14360 | medium | — | 5.5 | | | | 5y ago | A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerabi… |
| CVE-2020-14346 | medium | — | 5.5 | | | | 5y ago | A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat … |
| CVE-2020-14345 | medium | — | 5.5 | | | | 5y ago | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerab… |
| CVE-2020-14362 | medium | — | 5.5 | | | | 5y ago | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vul… |
| CVE-2020-14344 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1804: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update (Moderate) |
| CVE-2020-14361 | medium | — | 5.5 | | | | 5y ago | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vul… |
| CVE-2020-14347 | medium | — | 5.5 | | | | 5y ago | A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could r… |
| CVE-2020-14363 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1804: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update (Moderate) |
| CVE-2020-25651 | medium | — | 5.5 | | | | 5y ago | A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active fil… |
| CVE-2020-25653 | medium | — | 5.5 | | | | 5y ago | A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice… |
| CVE-2020-25652 | medium | — | 5.5 | | | | 5y ago | A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any … |
| CVE-2020-25650 | medium | — | 5.5 | | | | 5y ago | A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path … |
| CVE-2020-12695 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1789: gssdp and gupnp security update (Moderate) |
| CVE-2020-27821 | medium | — | 5.5 | | | | 5y ago | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MM… |
| CVE-2020-16092 | medium | — | 5.5 | | | | 5y ago | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw t… |
| CVE-2020-25707 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1762: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) |
| CVE-2020-28916 | medium | — | 5.5 | | | | 5y ago | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. |
| CVE-2020-25723 | medium | — | 5.5 | | | | 5y ago | A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged us… |
| CVE-2020-25637 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1762: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) |
| CVE-2020-29443 | medium | — | 5.5 | | | | 5y ago | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. |
| CVE-2020-11947 | medium | — | 5.5 | | | | 5y ago | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. |
| CVE-2020-29129 | medium | — | 5.5 | | | | 5y ago | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. |
| CVE-2020-29130 | medium | — | 5.5 | | | | 5y ago | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. |
| CVE-2020-17507 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1756: qt5-qtbase security and bug fix update (Moderate) |
| CVE-2020-12867 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1744: sane-backends security update (Moderate) |
| CVE-2020-27749 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) |
| CVE-2020-25647 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) |
| CVE-2020-25632 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) |
| CVE-2020-27779 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) |
| CVE-2020-14372 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) |
| CVE-2020-14323 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1647: samba security, bug fix, and enhancement update (Moderate) |
| CVE-2020-14318 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1647: samba security, bug fix, and enhancement update (Moderate) |
| CVE-2020-24330 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate) |
| CVE-2020-24332 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate) |
| CVE-2020-24331 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate) |
| CVE-2020-29361 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate) |
| CVE-2020-29362 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate) |
| CVE-2020-29363 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate) |
| CVE-2020-26571 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate) |
| CVE-2020-26572 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate) |
| CVE-2020-26570 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate) |
| CVE-2020-27153 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1598: bluez security update (Moderate) |
| CVE-2020-9983 | medium | — | 5.5 | | | | 5y ago | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. |
| CVE-2020-9948 | medium | — | 5.5 | | | | 5y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2020-9951 | medium | — | 5.5 | | | | 5y ago | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2020-16125 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) |
| CVE-2020-13543 | medium | — | 5.5 | | | | 5y ago | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code … |
| CVE-2020-13584 | medium | — | 5.5 | | | | 5y ago | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code executio… |
| CVE-2020-27618 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) |
| CVE-2020-28935 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) |
| CVE-2020-15358 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1581: sqlite security update (Moderate) |
| CVE-2020-10878 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1678: perl security and bug fix update (Moderate) |
| CVE-2020-10543 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1678: perl security and bug fix update (Moderate) |
| CVE-2020-26117 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1783: tigervnc security, bug fix, and enhancement update (Moderate) |
| CVE-2020-8231 | medium | — | 5.5 | | | | 5y ago | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. |
| CVE-2020-28196 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1593: krb5 security update (Moderate) |
| CVE-2020-15011 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1751: mailman:2.1 security update (Moderate) |
| CVE-2020-12108 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1751: mailman:2.1 security update (Moderate) |
| CVE-2020-24977 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1597: libxml2 security update (Moderate) |
| CVE-2020-8286 | medium | — | 5.5 | | | | 5y ago | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. |
| CVE-2020-13776 | medium | — | 5.5 | | | | 5y ago | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user acc… |
| CVE-2020-8284 | medium | — | 5.5 | | | | 5y ago | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about ser… |
| CVE-2020-8285 | medium | — | 5.5 | | | | 5y ago | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. |
| CVE-2020-7754 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) |
| CVE-2020-1747 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate) |
| CVE-2020-35678 | medium | — | 5.5 | | | | 5y ago | Autobahn\|Python before 20.12.3 allows redirect header injection. |
| CVE-2020-28473 | medium | — | 5.5 | | | | 5y ago | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), … |
| CVE-2020-28374 | medium | — | 5.5 | | | | 5y ago | In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via direct… |
| CVE-2020-35518 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1086: 389-ds:1.4 security and bug fix update (Moderate) |
| CVE-2020-28463 | medium | — | 5.5 | | | | 5y ago | All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Step… |
| CVE-2020-7774 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) |
| CVE-2020-14343 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate) |
| CVE-2020-28493 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) |
| CVE-2020-24583 | medium | — | 5.5 | | | | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level d… |
| CVE-2020-24584 | medium | — | 5.5 | | | | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's st… |
| CVE-2020-35653 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2020-35655 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2020-35654 | medium | — | 5.5 | | | | 5y ago | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
| CVE-2020-13949 | medium | — | 5.5 | | | | 5y ago | Uncontrolled Resource Consumption in Apache Thrift |
| CVE-2020-8265 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) |
| CVE-2020-8287 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) |
| CVE-2020-12723 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:0557: perl security update (Moderate) |
| CVE-2020-12400 | medium | — | 5.5 | | | | 5y ago | When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects F… |
| CVE-2020-6829 | medium | — | 5.5 | | | | 5y ago | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-m… |
| CVE-2020-12401 | medium | — | 5.5 | | | | 5y ago | During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This… |
| CVE-2020-12403 | medium | — | 5.5 | | | | 5y ago | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly di… |
| CVE-2020-36242 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1608: python-cryptography security, bug fix, and enhancement update (Moderate) |
| CVE-2020-11979 | medium | — | 5.5 | | | | 5y ago | Code injection in Apache Ant |
| CVE-2020-26272 | medium | — | 5.5 | | | | 5y ago | IPC messages delivered to the wrong frame in Electron |
| CVE-2020-27783 | medium | — | 5.5 | | | | 6y ago | RHSA-2021:1898: python-lxml security update (Moderate) |