CVEs from 2020
- Total 3,809
- critical 206
- high 563
- medium 743
- low 59
- % Critical 5.4%
- % with KEV 3.8%
- % with exploit 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12401 | medium | — | 5.5 | 5y ago | During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This… | |||
| CVE-2020-12400 | medium | — | 5.5 | 5y ago | When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects F… | |||
| CVE-2020-36242 | medium | — | 5.5 | 5y ago | RHSA-2021:1608: python-cryptography security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11979 | medium | — | 5.5 | 5y ago | Code injection in Apache Ant | |||
| CVE-2020-26272 | medium | — | 5.5 | 5y ago | IPC messages delivered to the wrong frame in Electron | |||
| CVE-2020-27783 | medium | — | 5.5 | 6y ago | RHSA-2021:1898: python-lxml security update (Moderate) | |||
| CVE-2020-26297 | medium | — | 5.5 | 6y ago | XSS in mdBook's search page | |||
| CVE-2020-26275 | medium | — | 5.5 | 6y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version … | |||
| CVE-2020-13249 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14812 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14789 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14776 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8277 | medium | — | 5.5 | 6y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-25654 | medium | — | 5.5 | 6y ago | RHSA-2020:5487: pacemaker security update (Moderate) | |||
| CVE-2020-24659 | medium | — | 5.5 | 6y ago | RHSA-2020:5483: gnutls security and bug fix update (Moderate) | |||
| CVE-2020-16166 | medium | — | 5.5 | 6y ago | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is relat… | |||
| CVE-2020-28214 | medium | 5.5 | 5.5 | 6y ago | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictiona… | |||
| CVE-2020-26257 | medium | — | 5.5 | 6y ago | Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed e… | |||
| CVE-2020-28948 | medium | — | 5.5 | 6y ago | RHSA-2022:6542: php:7.4 security update (Moderate) | |||
| CVE-2020-28941 | medium | 5.5 | 5.5 | 6y ago | An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack… | |||
| CVE-2020-15266 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte… | |||
| CVE-2020-15265 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens… | |||
| CVE-2020-12767 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0093 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8632 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-6405 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2020-8631 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25715 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12137 | medium | — | 5.5 | 6y ago | RHSA-2020:4667: mailman:2.1 security and bug fix update (Moderate) | |||
| CVE-2020-1721 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0181 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0198 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15720 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8177 | medium | — | 5.5 | 6y ago | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. | |||
| CVE-2020-13114 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10737 | medium | — | 5.5 | 6y ago | RHSA-2020:4687: oddjob security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13113 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0182 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13867 | medium | — | 5.5 | 6y ago | RHSA-2020:4697: targetcli security and enhancement update (Moderate) | |||
| CVE-2020-10029 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1730 | medium | — | 5.5 | 6y ago | RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8624 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8619 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0556 | medium | — | 5.5 | 6y ago | RHSA-2020:4481: bluez security update (Moderate) | |||
| CVE-2020-9327 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2020-1752 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1751 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8623 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8622 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11653 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There … | |||
| CVE-2020-10730 | medium | — | 5.5 | 6y ago | RHSA-2020:4568: libldb security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14382 | medium | — | 5.5 | 6y ago | RHSA-2020:4542: cryptsetup security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1930 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-1931 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-25690 | medium | — | 5.5 | 6y ago | RHSA-2020:4844: fontforge security update (Moderate) | |||
| CVE-2020-10967 | medium | — | 5.5 | 6y ago | In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | |||
| CVE-2020-10958 | medium | — | 5.5 | 6y ago | In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving … | |||
| CVE-2020-1934 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | |||
| CVE-2020-1927 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL… | |||
| CVE-2020-8449 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15049 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14058 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24606 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8450 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0569 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-0570 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-13962 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-12052 | medium | — | 5.5 | 6y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14301 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10703 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14339 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1722 | medium | — | 5.5 | 6y ago | RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11043 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11041 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11040 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11087 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11045 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11046 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11089 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11042 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11039 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11088 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11047 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11525 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11526 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11086 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13397 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11058 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11049 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11085 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11048 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11044 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13396 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11038 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11522 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11019 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11018 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8492 | medium | — | 5.5 | 6y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14422 | medium | — | 5.5 | 6y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12831 | medium | — | 5.5 | 6y ago | An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissi… |