CVEs from 2020
Total: 3,802
- critical 206
- high 563
- medium 743
- low 59
% Critical: 5.4%
% with KEV: 3.8%
% with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26297 | medium | — | 5.5 | 6y ago | XSS in mdBook's search page | |||
| CVE-2020-26275 | medium | — | 5.5 | 6y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version … | |||
| CVE-2020-13249 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14776 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14789 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14812 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8277 | medium | — | 5.5 | 6y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-25654 | medium | — | 5.5 | 6y ago | RHSA-2020:5487: pacemaker security update (Moderate) | |||
| CVE-2020-24659 | medium | — | 5.5 | 6y ago | RHSA-2020:5483: gnutls security and bug fix update (Moderate) | |||
| CVE-2020-16166 | medium | — | 5.5 | 6y ago | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is relat… | |||
| CVE-2020-28214 | medium | 5.5 | 5.5 | 6y ago | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictiona… | |||
| CVE-2020-26257 | medium | — | 5.5 | 6y ago | Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed e… | |||
| CVE-2020-28948 | medium | — | 5.5 | 6y ago | RHSA-2022:6542: php:7.4 security update (Moderate) | |||
| CVE-2020-28941 | medium | 5.5 | 5.5 | 6y ago | An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack… | |||
| CVE-2020-15266 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte… | |||
| CVE-2020-15265 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens… | |||
| CVE-2020-8177 | medium | — | 5.5 | 6y ago | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. | |||
| CVE-2020-10737 | medium | — | 5.5 | 6y ago | RHSA-2020:4687: oddjob security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12137 | medium | — | 5.5 | 6y ago | RHSA-2020:4667: mailman:2.1 security and bug fix update (Moderate) | |||
| CVE-2020-8631 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8632 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1730 | medium | — | 5.5 | 6y ago | RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8624 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0556 | medium | — | 5.5 | 6y ago | RHSA-2020:4481: bluez security update (Moderate) | |||
| CVE-2020-1751 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1752 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10029 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-9327 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2020-11653 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There … | |||
| CVE-2020-6405 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2020-13867 | medium | — | 5.5 | 6y ago | RHSA-2020:4697: targetcli security and enhancement update (Moderate) | |||
| CVE-2020-8622 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8619 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1931 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-14382 | medium | — | 5.5 | 6y ago | RHSA-2020:4542: cryptsetup security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1930 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-8623 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0182 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10730 | medium | — | 5.5 | 6y ago | RHSA-2020:4568: libldb security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25715 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13114 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13113 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0093 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15720 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1721 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12767 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0198 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0181 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25690 | medium | — | 5.5 | 6y ago | RHSA-2020:4844: fontforge security update (Moderate) | |||
| CVE-2020-10967 | medium | — | 5.5 | 6y ago | In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | |||
| CVE-2020-10958 | medium | — | 5.5 | 6y ago | In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving … | |||
| CVE-2020-1927 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL… | |||
| CVE-2020-1934 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | |||
| CVE-2020-24606 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14058 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15049 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8450 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8449 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0570 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-0569 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-13962 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-12052 | medium | — | 5.5 | 6y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14339 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10703 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14301 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1722 | medium | — | 5.5 | 6y ago | RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11045 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11041 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11089 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11042 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11019 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11043 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11044 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11046 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11047 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11048 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11085 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11049 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11058 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11522 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11086 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11087 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13396 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11088 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11039 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11018 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11525 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11526 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13397 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11040 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11038 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8492 | medium | — | 5.5 | 6y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14422 | medium | — | 5.5 | 6y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12831 | medium | — | 5.5 | 6y ago | An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissi… | |||
| CVE-2020-10018 | medium | — | 5.5 | 6y ago | WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This… | |||
| CVE-2020-9915 | medium | — | 5.5 | 6y ago | An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.… | |||
| CVE-2020-9803 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Wi… | |||
| CVE-2020-9802 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2… | |||
| CVE-2020-3902 | medium | — | 5.5 | 6y ago | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,… | |||
| CVE-2020-3901 | medium | — | 5.5 | 6y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Window… |