CVEs from 2020
Total: 3,801
- critical 206
- high 563
- medium 744
- low 59
% Critical: 5.4%
% with KEV: 3.8%
% with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26297 | medium | — | 5.5 | 6y ago | XSS in mdBook's search page | |||
| CVE-2020-26275 | medium | — | 5.5 | 6y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version … | |||
| CVE-2020-13249 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14776 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14789 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14812 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8277 | medium | — | 5.5 | 6y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-25654 | medium | — | 5.5 | 6y ago | RHSA-2020:5487: pacemaker security update (Moderate) | |||
| CVE-2020-24659 | medium | — | 5.5 | 6y ago | RHSA-2020:5483: gnutls security and bug fix update (Moderate) | |||
| CVE-2020-16166 | medium | — | 5.5 | 6y ago | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is relat… | |||
| CVE-2020-28214 | medium | 5.5 | 5.5 | 6y ago | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictiona… | |||
| CVE-2020-26257 | medium | — | 5.5 | 6y ago | Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed e… | |||
| CVE-2020-28948 | medium | — | 5.5 | 6y ago | RHSA-2022:6542: php:7.4 security update (Moderate) | |||
| CVE-2020-28941 | medium | 5.5 | 5.5 | 6y ago | An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack… | |||
| CVE-2020-15266 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte… | |||
| CVE-2020-15265 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens… | |||
| CVE-2020-1931 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-1752 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12767 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13113 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13114 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0198 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10029 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-9327 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2020-1751 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10730 | medium | — | 5.5 | 6y ago | RHSA-2020:4568: libldb security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8619 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8622 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8623 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1930 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-13867 | medium | — | 5.5 | 6y ago | RHSA-2020:4697: targetcli security and enhancement update (Moderate) | |||
| CVE-2020-6405 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2020-11653 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There … | |||
| CVE-2020-0556 | medium | — | 5.5 | 6y ago | RHSA-2020:4481: bluez security update (Moderate) | |||
| CVE-2020-12137 | medium | — | 5.5 | 6y ago | RHSA-2020:4667: mailman:2.1 security and bug fix update (Moderate) | |||
| CVE-2020-14382 | medium | — | 5.5 | 6y ago | RHSA-2020:4542: cryptsetup security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8631 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25715 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1730 | medium | — | 5.5 | 6y ago | RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8177 | medium | — | 5.5 | 6y ago | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. | |||
| CVE-2020-1721 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0093 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0182 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8624 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15720 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0181 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10737 | medium | — | 5.5 | 6y ago | RHSA-2020:4687: oddjob security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8632 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25690 | medium | — | 5.5 | 6y ago | RHSA-2020:4844: fontforge security update (Moderate) | |||
| CVE-2020-10967 | medium | — | 5.5 | 6y ago | In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | |||
| CVE-2020-10958 | medium | — | 5.5 | 6y ago | In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving … | |||
| CVE-2020-1927 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL… | |||
| CVE-2020-1934 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | |||
| CVE-2020-8449 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8450 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15049 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24606 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14058 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13962 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-0569 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-0570 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-12052 | medium | — | 5.5 | 6y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14301 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10703 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14339 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1722 | medium | — | 5.5 | 6y ago | RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11039 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11038 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11018 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11045 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11044 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11043 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11042 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11089 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11041 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11019 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11040 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11522 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11058 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11049 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11085 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11087 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11047 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11086 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11088 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11046 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11048 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13396 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11526 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11525 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13397 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8492 | medium | — | 5.5 | 6y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14422 | medium | — | 5.5 | 6y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12831 | medium | — | 5.5 | 6y ago | An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissi… | |||
| CVE-2020-10018 | medium | — | 5.5 | 6y ago | WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This… | |||
| CVE-2020-11793 | medium | — | 5.5 | 6y ago | A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memo… | |||
| CVE-2020-9952 | medium | — | 5.5 | 6y ago | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windo… | |||
| CVE-2020-3900 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Win… | |||
| CVE-2020-9894 | medium | — | 5.5 | 6y ago | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for … | |||
| CVE-2020-9893 | medium | — | 5.5 | 6y ago | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud fo… |