CVEs from 2020
Total
3,802
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-3865 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for… | |||
| CVE-2020-3868 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for… | |||
| CVE-2020-3895 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Win… | |||
| CVE-2020-3894 | medium | — | 5.5 | 6y ago | A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for W… | |||
| CVE-2020-3897 | medium | — | 5.5 | 6y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Window… | |||
| CVE-2020-9806 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud … | |||
| CVE-2020-3899 | medium | — | 5.5 | 6y ago | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Wi… | |||
| CVE-2020-3901 | medium | — | 5.5 | 6y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Window… | |||
| CVE-2020-3902 | medium | — | 5.5 | 6y ago | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,… | |||
| CVE-2020-9803 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Wi… | |||
| CVE-2020-15503 | medium | — | 5.5 | 6y ago | RHSA-2020:4451: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14391 | medium | — | 5.5 | 6y ago | RHSA-2020:4451: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-9952 | medium | — | 5.5 | 6y ago | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windo… | |||
| CVE-2020-9915 | medium | — | 5.5 | 6y ago | An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.… | |||
| CVE-2020-3885 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Wind… | |||
| CVE-2020-10018 | medium | — | 5.5 | 6y ago | WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This… | |||
| CVE-2020-11793 | medium | — | 5.5 | 6y ago | A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memo… | |||
| CVE-2020-9895 | medium | — | 5.5 | 6y ago | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud fo… | |||
| CVE-2020-9893 | medium | — | 5.5 | 6y ago | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud fo… | |||
| CVE-2020-9894 | medium | — | 5.5 | 6y ago | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for … | |||
| CVE-2020-9862 | medium | — | 5.5 | 6y ago | A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes… | |||
| CVE-2020-3862 | medium | — | 5.5 | 6y ago | A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows … | |||
| CVE-2020-3864 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and… | |||
| CVE-2020-3900 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Win… | |||
| CVE-2020-10774 | medium | — | 5.5 | 6y ago | A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to re… | |||
| CVE-2020-12770 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||
| CVE-2020-10751 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrec… | |||
| CVE-2020-10732 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | |||
| CVE-2020-0305 | medium | — | 5.5 | 6y ago | In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no… | |||
| CVE-2020-8649 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | |||
| CVE-2020-10773 | medium | — | 5.5 | 6y ago | A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local us… | |||
| CVE-2020-12465 | medium | — | 5.5 | 6y ago | An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragmen… | |||
| CVE-2020-12659 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom val… | |||
| CVE-2020-8647 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | |||
| CVE-2020-10942 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | |||
| CVE-2020-12655 | medium | — | 5.5 | 6y ago | An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata… | |||
| CVE-2020-12826 | medium | — | 5.5 | 6y ago | A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a… | |||
| CVE-2020-11668 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | |||
| CVE-2020-0444 | medium | — | 5.5 | 6y ago | In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution priv… | |||
| CVE-2020-11565 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, … | |||
| CVE-2020-14381 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is abou… | |||
| CVE-2020-25641 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loo… | |||
| CVE-2020-8648 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | |||
| CVE-2020-25659 | medium | — | 5.5 | 6y ago | RHSA-2021:1608: python-cryptography security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14779 | medium | — | 5.5 | 6y ago | RHSA-2021:0530: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2020-14797 | medium | — | 5.5 | 6y ago | RHSA-2021:0530: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2020-14796 | medium | — | 5.5 | 6y ago | RHSA-2021:0530: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2020-14792 | medium | — | 5.5 | 6y ago | RHSA-2020:4347: java-1.8.0-openjdk security update (Moderate) | |||
| CVE-2020-8201 | medium | — | 5.5 | 6y ago | RHSA-2020:4272: nodejs:12 security and bug fix update (Moderate) | |||
| CVE-2020-8252 | medium | — | 5.5 | 6y ago | The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is lon… | |||
| CVE-2020-10756 | medium | — | 5.5 | 6y ago | An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo reques… | |||
| CVE-2020-25613 | medium | — | 5.5 | 6y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1945 | medium | — | 5.5 | 6y ago | Sensitive Data Exposure in Apache Ant | |||
| CVE-2020-2922 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-2574 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-2752 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7064 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7065 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7063 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7066 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7062 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7060 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7059 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12825 | medium | — | 5.5 | 6y ago | RHSA-2020:3654: libcroco security update (Moderate) | |||
| CVE-2020-7608 | medium | — | 5.5 | 6y ago | RHSA-2021:0548: nodejs:10 security update (Moderate) | |||
| CVE-2020-1574 | medium | 5.5 | 5.5 | 6y ago | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitra… | |||
| CVE-2020-12402 | medium | — | 5.5 | 6y ago | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perfo… | |||
| CVE-2020-8116 | medium | — | 5.5 | 6y ago | RHSA-2021:0548: nodejs:10 security update (Moderate) | |||
| CVE-2020-10713 | medium | — | 5.5 | 6y ago | RHSA-2020:3219: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2020-15707 | medium | — | 5.5 | 6y ago | RHSA-2020:3216: grub2 security update (Moderate) | |||
| CVE-2020-14308 | medium | — | 5.5 | 6y ago | RHSA-2020:3216: grub2 security update (Moderate) | |||
| CVE-2020-14309 | medium | — | 5.5 | 6y ago | RHSA-2020:3216: grub2 security update (Moderate) | |||
| CVE-2020-14310 | medium | — | 5.5 | 6y ago | RHSA-2020:3216: grub2 security update (Moderate) | |||
| CVE-2020-14311 | medium | — | 5.5 | 6y ago | RHSA-2020:3216: grub2 security update (Moderate) | |||
| CVE-2020-15705 | medium | — | 5.5 | 6y ago | RHSA-2020:3216: grub2 security update (Moderate) | |||
| CVE-2020-15706 | medium | — | 5.5 | 6y ago | RHSA-2020:3216: grub2 security update (Moderate) | |||
| CVE-2020-15780 | medium | — | 5.5 | 6y ago | An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot… | |||
| CVE-2020-1983 | medium | — | 5.5 | 6y ago | A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. | |||
| CVE-2020-10754 | medium | — | 5.5 | 6y ago | RHSA-2020:3011: NetworkManager security and bug fix update (Moderate) | |||
| CVE-2020-15095 | medium | — | 5.5 | 6y ago | Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:… | |||
| CVE-2020-15368 | medium | 5.5 | 5.5 | 6y ago | AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. | |||
| CVE-2020-13112 | medium | — | 5.5 | 6y ago | RHSA-2020:2550: libexif security update (Moderate) | |||
| CVE-2020-13596 | medium | — | 5.5 | 6y ago | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility … | |||
| CVE-2020-13254 | medium | — | 5.5 | 6y ago | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collis… | |||
| CVE-2020-9547 | medium | — | 5.5 | 6y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10673 | medium | — | 5.5 | 6y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-9548 | medium | — | 5.5 | 6y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11501 | medium | — | 5.5 | 6y ago | RHSA-2020:1998: gnutls security update (Moderate) | |||
| CVE-2020-1702 | medium | — | 5.5 | 6y ago | RHSA-2020:1650: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-5395 | medium | — | 5.5 | 6y ago | RHSA-2020:4844: fontforge security update (Moderate) | |||
| CVE-2020-10672 | medium | — | 5.5 | 6y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10663 | medium | — | 5.5 | 6y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8840 | medium | — | 5.5 | 6y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1935 | medium | — | 5.5 | 6y ago | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as va… | |||
| CVE-2020-7595 | medium | — | 5.5 | 6y ago | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | |||
| CVE-2020-7471 | medium | — | 5.5 | 6y ago | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data … | |||
| CVE-2020-25900 | medium | 5.3 | 5.3 | 5h ago | HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client … | |||
| CVE-2020-37241 | medium | 5.3 | 5.3 | 20d ago | bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can… | |||
| CVE-2020-8927 | medium | 5.3 | 5.3 | 5y ago | RHSA-2022:0830: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2020-26146 | medium | 5.3 | 5.3 | 5y ago | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfi… |