CVEs from 2020
Total
3,809
critical
critical 206
high
high 563
medium
medium 743
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36777 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`… | |||
| CVE-2020-36024 | medium | — | 5.5 | 2y ago | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | |||
| CVE-2020-25656 | medium | — | 5.5 | 2y ago | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access … | |||
| CVE-2020-15778 | medium | — | 5.5 | 2y ago | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that t… | |||
| CVE-2020-18651 | medium | — | 5.5 | 2y ago | RHSA-2024:3066: exempi security update (Moderate) | |||
| CVE-2020-18652 | medium | — | 5.5 | 2y ago | RHSA-2024:3066: exempi security update (Moderate) | |||
| CVE-2020-18770 | medium | — | 5.5 | 2y ago | Moderate: zziplib security update | |||
| CVE-2020-14370 | medium | — | 5.5 | 2y ago | RHSA-2021:0531: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-28991 | medium | — | 5.5 | 2y ago | Improper Access Control in Gitea | |||
| CVE-2020-28241 | medium | — | 5.5 | 2y ago | RHSA-2024:0768: libmaxminddb security update (Moderate) | |||
| CVE-2020-35177 | medium | — | 5.5 | 2y ago | Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2020-28053 | medium | — | 5.5 | 2y ago | Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-25201 | medium | — | 5.5 | 2y ago | Denial of service in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-22217 | medium | — | 5.5 | 3y ago | RHSA-2023:7207: c-ares security update (Moderate) | |||
| CVE-2020-12762 | medium | — | 5.5 | 3y ago | RHSA-2023:6976: libfastjson security update (Moderate) | |||
| CVE-2020-24736 | medium | — | 5.5 | 3y ago | RHSA-2023:3840: sqlite security update (Moderate) | |||
| CVE-2020-36518 | medium | — | 5.5 | 3y ago | RHSA-2024:3061: pki-core:10.6 and pki-deps:10.6 security update (Moderate) | |||
| CVE-2020-17049 | medium | — | 5.5 | 3y ago | RHSA-2024:0143: idm:DL1 security update (Moderate) | |||
| CVE-2020-28852 | medium | — | 5.5 | 4y ago | RHSA-2022:7129: git-lfs security and bug fix update (Moderate) | |||
| CVE-2020-28851 | medium | — | 5.5 | 4y ago | RHSA-2022:7129: git-lfs security and bug fix update (Moderate) | |||
| CVE-2020-36516 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2020-0256 | medium | — | 5.5 | 4y ago | RHSA-2022:7700: gdisk security update (Moderate) | |||
| CVE-2020-36558 | medium | — | 5.5 | 4y ago | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | |||
| CVE-2020-10735 | medium | — | 5.5 | 4y ago | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for… | |||
| CVE-2020-35527 | medium | — | 5.5 | 4y ago | RHSA-2022:7108: sqlite security update (Moderate) | |||
| CVE-2020-35525 | medium | — | 5.5 | 4y ago | RHSA-2022:7108: sqlite security update (Moderate) | |||
| CVE-2020-7788 | medium | — | 5.5 | 4y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-28469 | medium | — | 5.5 | 4y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-35509 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Improper Certificate Validation | |||
| CVE-2020-28367 | medium | — | 5.5 | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-28366 | medium | — | 5.5 | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-29652 | medium | — | 5.5 | 4y ago | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | |||
| CVE-2020-1695 | medium | — | 5.5 | 4y ago | RHSA-2021:1775: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25864 | medium | — | 5.5 | 4y ago | HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul | |||
| CVE-2020-24303 | medium | — | 5.5 | 4y ago | RHSA-2021:1859: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11110 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14019 | medium | — | 5.5 | 4y ago | RHEA-2020:4505: python-rtslib bug fix and enhancement update (Moderate) | |||
| CVE-2020-10749 | medium | — | 5.5 | 4y ago | RHSA-2020:4694: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13430 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12458 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12459 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12245 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1726 | medium | — | 5.5 | 4y ago | RHSA-2020:1650: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-35492 | medium | — | 5.5 | 4y ago | RHSA-2022:1961: cairo and pixman security and bug fix update (Moderate) | |||
| CVE-2020-35452 | medium | — | 5.5 | 4y ago | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP … | |||
| CVE-2020-19131 | medium | — | 5.5 | 4y ago | RHSA-2022:1810: libtiff security update (Moderate) | |||
| CVE-2020-18898 | medium | — | 5.5 | 4y ago | RHSA-2022:1842: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-27826 | medium | — | 5.5 | 4y ago | Authentication Bypass in keycloak | |||
| CVE-2020-15586 | medium | — | 5.5 | 4y ago | RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-29509 | medium | — | 5.5 | 4y ago | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that … | |||
| CVE-2020-15366 | medium | — | 5.5 | 4y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-11996 | medium | — | 5.5 | 4y ago | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient … | |||
| CVE-2020-17527 | medium | — | 5.5 | 4y ago | While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream re… | |||
| CVE-2020-14366 | medium | — | 5.5 | 4y ago | Path Traversal | |||
| CVE-2020-11988 | medium | — | 5.5 | 4y ago | Server-side request forgery (SSRF) in Apache XmlGraphics Commons | |||
| CVE-2020-24553 | medium | — | 5.5 | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-11987 | medium | — | 5.5 | 5y ago | Server-side request forgery (SSRF) in Apache Batik | |||
| CVE-2020-16845 | medium | — | 5.5 | 5y ago | RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-25719 | medium | — | 5.5 | 5y ago | RHSA-2021:5142: idm:DL1 security update (Moderate) | |||
| CVE-2020-13435 | medium | — | 5.5 | 5y ago | RHSA-2021:4396: sqlite security update (Moderate) | |||
| CVE-2020-10001 | medium | — | 5.5 | 5y ago | RHSA-2021:4393: cups security and bug fix update (Moderate) | |||
| CVE-2020-36241 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24870 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13558 | medium | — | 5.5 | 5y ago | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | |||
| CVE-2020-27918 | medium | — | 5.5 | 5y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS … | |||
| CVE-2020-29623 | medium | — | 5.5 | 5y ago | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security… | |||
| CVE-2020-14145 | medium | — | 5.5 | 5y ago | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connect… | |||
| CVE-2020-35448 | medium | — | 5.5 | 5y ago | RHSA-2021:4364: binutils security update (Moderate) | |||
| CVE-2020-13529 | medium | — | 5.5 | 5y ago | An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing att… | |||
| CVE-2020-36386 | medium | — | 5.5 | 5y ago | An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. | |||
| CVE-2020-24503 | medium | — | 5.5 | 5y ago | RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24504 | medium | — | 5.5 | 5y ago | Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local acces… | |||
| CVE-2020-26141 | medium | — | 5.5 | 5y ago | An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adver… | |||
| CVE-2020-26147 | medium | — | 5.5 | 5y ago | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused … | |||
| CVE-2020-24588 | medium | — | 5.5 | 5y ago | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authentica… | |||
| CVE-2020-26145 | medium | — | 5.5 | 5y ago | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and proces… | |||
| CVE-2020-26139 | medium | — | 5.5 | 5y ago | An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be… | |||
| CVE-2020-26140 | medium | — | 5.5 | 5y ago | RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-26144 | medium | — | 5.5 | 5y ago | RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-26143 | medium | — | 5.5 | 5y ago | RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24587 | medium | — | 5.5 | 5y ago | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An a… | |||
| CVE-2020-29368 | medium | — | 5.5 | 5y ago | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a T… | |||
| CVE-2020-29660 | medium | — | 5.5 | 5y ago | A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIO… | |||
| CVE-2020-36158 | medium | — | 5.5 | 5y ago | mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID… | |||
| CVE-2020-36312 | medium | — | 5.5 | 5y ago | An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. | |||
| CVE-2020-27777 | medium | — | 5.5 | 5y ago | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors … | |||
| CVE-2020-24502 | medium | — | 5.5 | 5y ago | RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0427 | medium | — | 5.5 | 5y ago | In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User inter… | |||
| CVE-2020-24586 | medium | — | 5.5 | 5y ago | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting … | |||
| CVE-2020-1946 | medium | — | 5.5 | 5y ago | RHSA-2021:4315: spamassassin security update (Moderate) | |||
| CVE-2020-17541 | medium | — | 5.5 | 5y ago | RHSA-2021:4288: libjpeg-turbo security and bug fix update (Moderate) | |||
| CVE-2020-18032 | medium | — | 5.5 | 5y ago | RHSA-2021:4256: graphviz security update (Moderate) | |||
| CVE-2020-27842 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2020-27823 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2020-15389 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2020-27824 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2020-27845 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2020-27814 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2020-27843 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2020-35521 | medium | — | 5.5 | 5y ago | RHSA-2021:4241: libtiff security and bug fix update (Moderate) |