CVEs from 2020
Total
3,794
critical
critical 206
high
high 563
medium
medium 744
low
low 60
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6500 | unknown | — | — | — | Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2020-11494 | unknown | — | — | — | An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive infor… | |||
| CVE-2020-12768 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time le… | |||
| CVE-2020-12769 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | |||
| CVE-2020-13143 | unknown | — | — | — | gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attack… | |||
| CVE-2020-15393 | unknown | — | — | — | In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. | |||
| CVE-2020-16001 | unknown | — | — | — | Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6549 | unknown | — | — | — | Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6544 | unknown | — | — | — | Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-36765 | unknown | — | — | — | Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2020-17487 | unknown | — | — | — | radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_… | |||
| CVE-2020-14392 | unknown | — | — | — | An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's avai… | |||
| CVE-2020-14396 | unknown | — | — | — | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | |||
| CVE-2020-18839 | unknown | — | — | — | Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. | |||
| CVE-2020-36773 | unknown | — | — | — | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one … | |||
| CVE-2020-15900 | unknown | — | — | — | A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'po… | |||
| CVE-2020-14298 | unknown | — | — | — | The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed… | |||
| CVE-2020-29260 | unknown | — | — | — | libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | |||
| CVE-2020-25671 | unknown | — | — | — | A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. | |||
| CVE-2020-12412 | unknown | — | — | — | By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock ico… | |||
| CVE-2020-27066 | unknown | — | — | — | In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges need… | |||
| CVE-2020-15650 | unknown | — | — | — | Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only a… | |||
| CVE-2020-6417 | unknown | — | — | — | Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. | |||
| CVE-2020-15671 | unknown | — | — | — | When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the … | |||
| CVE-2020-15661 | unknown | — | — | — | A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iO… | |||
| CVE-2020-15993 | unknown | — | — | — | Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-25678 | unknown | — | — | — | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visibl… | |||
| CVE-2020-6498 | unknown | — | — | — | Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2020-6499 | unknown | — | — | — | Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page. | |||
| CVE-2020-6377 | unknown | — | — | — | Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-36387 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. | |||
| CVE-2020-15994 | unknown | — | — | — | Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-36691 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | |||
| CVE-2020-36775 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock Using f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential deadlock like w… | |||
| CVE-2020-36786 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: [next] staging: media: atomisp: fix memory leak of object flash In the case where the call to lm3554_platform_data_func re… | |||
| CVE-2020-36789 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a hardw… | |||
| CVE-2020-36791 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I… | |||
| CVE-2020-3702 | unknown | — | — | — | u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the… | |||
| CVE-2020-8832 | unknown | — | — | — | The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discover… | |||
| CVE-2020-8834 | unknown | — | — | — | KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of t… | |||
| CVE-2020-13614 | unknown | — | — | — | An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. | |||
| CVE-2020-15121 | unknown | — | — | — | In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger … | |||
| CVE-2020-16269 | unknown | — | — | — | radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | |||
| CVE-2020-27793 | unknown | — | — | — | An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack. | |||
| CVE-2020-27794 | unknown | — | — | — | A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | |||
| CVE-2020-16000 | unknown | — | — | — | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-12783 | unknown | — | — | — | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. | |||
| CVE-2020-15997 | unknown | — | — | — | Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-16003 | unknown | — | — | — | Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-8428 | unknown | — | — | — | fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel … | |||
| CVE-2020-6383 | unknown | — | — | — | Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6386 | unknown | — | — | — | Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-27795 | unknown | — | — | — | A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_… | |||
| CVE-2020-27784 | unknown | — | — | — | A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises beca… | |||
| CVE-2020-27776 | unknown | — | — | — | A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the r… | |||
| CVE-2020-27768 | unknown | — | — | — | In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||
| CVE-2020-27765 | unknown | — | — | — | A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.… | |||
| CVE-2020-27763 | unknown | — | — | — | A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. … | |||
| CVE-2020-27761 | unknown | — | — | — | WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a cra… | |||
| CVE-2020-27757 | unknown | — | — | — | A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The fla… | |||
| CVE-2020-27352 | unknown | — | — | — | When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and … | |||
| CVE-2020-27068 | unknown | — | — | — | Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel | |||
| CVE-2020-25741 | unknown | — | — | — | fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. | |||
| CVE-2020-6540 | unknown | — | — | — | Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-25676 | unknown | — | — | — | In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstra… | |||
| CVE-2020-6541 | unknown | — | — | — | Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-25670 | unknown | — | — | — | A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. | |||
| CVE-2020-25623 | unknown | — | — | — | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. | |||
| CVE-2020-14938 | unknown | — | — | — | An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size ve… | |||
| CVE-2020-14939 | unknown | — | — | — | An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, l… | |||
| CVE-2020-0030 | unknown | — | — | — | In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User… | |||
| CVE-2020-0110 | unknown | — | — | — | In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User int… | |||
| CVE-2020-0423 | unknown | — | — | — | In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges … | |||
| CVE-2020-0429 | unknown | — | — | — | In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privil… | |||
| CVE-2020-11609 | unknown | — | — | — | An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid des… | |||
| CVE-2020-11669 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, … | |||
| CVE-2020-12656 | unknown | — | — | — | gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: Thi… | |||
| CVE-2020-12652 | unknown | — | — | — | The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, … | |||
| CVE-2020-12771 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. | |||
| CVE-2020-14390 | unknown | — | — | — | A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nat… | |||
| CVE-2020-14416 | unknown | — | — | — | In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/sli… | |||
| CVE-2020-25672 | unknown | — | — | — | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | |||
| CVE-2020-27067 | unknown | — | — | — | In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ne… | |||
| CVE-2020-29373 | unknown | — | — | — | An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintend… | |||
| CVE-2020-29374 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly … | |||
| CVE-2020-29534 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimi… | |||
| CVE-2020-35513 | unknown | — | — | — | A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if b… | |||
| CVE-2020-35519 | unknown | — | — | — | An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the sy… | |||
| CVE-2020-36311 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires … | |||
| CVE-2020-9391 | unknown | — | — | — | An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory … | |||
| CVE-2020-8992 | unknown | — | — | — | ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | |||
| CVE-2020-24698 | unknown | — | — | — | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a cras… | |||
| CVE-2020-27751 | unknown | — | — | — | A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside … | |||
| CVE-2020-25664 | unknown | — | — | — | In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-pr… | |||
| CVE-2020-25666 | unknown | — | — | — | There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. … | |||
| CVE-2020-27754 | unknown | — | — | — | In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate … | |||
| CVE-2020-25674 | unknown | — | — | — | WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible f… | |||
| CVE-2020-27750 | unknown | — | — | — | A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior i… | |||
| CVE-2020-27753 | unknown | — | — | — | There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to … | |||
| CVE-2020-27755 | unknown | — | — | — | in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event th… |