CVEs from 2020
Total
3,809
critical
critical 206
high
high 563
medium
medium 743
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36404 | medium | — | 5.5 | — | arbitrary code execution in keystone | |||
| CVE-2020-26417 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-28626 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-36224 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||
| CVE-2020-35850 | medium | — | 5.5 | — | multiple issues in cockpit | |||
| CVE-2020-28621 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-35630 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28623 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28618 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-36229 | medium | — | 5.5 | — | A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | |||
| CVE-2020-26682 | medium | — | 5.5 | — | In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. | |||
| CVE-2020-36226 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||
| CVE-2020-26975 | medium | — | 5.5 | — | When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authori… | |||
| CVE-2020-29511 | medium | — | 5.5 | — | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that be… | |||
| CVE-2020-35629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-35453 | medium | — | 5.5 | — | privilege escalation in vault | |||
| CVE-2020-26273 | medium | — | 5.5 | — | arbitrary filesystem access in osquery | |||
| CVE-2020-28600 | medium | — | 5.5 | — | An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can … | |||
| CVE-2020-28624 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-26411 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-13938 | medium | — | 5.5 | — | Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | |||
| CVE-2020-37174 | medium | 5.5 | 5.5 | 22d ago | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design … | |||
| CVE-2020-37169 | medium | 5.5 | 5.5 | 22d ago | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u… | |||
| CVE-2020-36855 | medium | 5.5 | 5.5 | 8mo ago | A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stac… | |||
| CVE-2020-16156 | medium | — | 5.5 | 1y ago | RHSA-2025:8432: perl-CPAN security update (Moderate) | |||
| CVE-2020-13790 | medium | — | 5.5 | 1y ago | RHSA-2025:7540: libjpeg-turbo security update (Moderate) | |||
| CVE-2020-27792 | medium | — | 5.5 | 1y ago | RHSA-2025:4362: ghostscript security update (Moderate) | |||
| CVE-2020-10135 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |||
| CVE-2020-27827 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2020-26154 | medium | — | 5.5 | 2y ago | RHEA-2024:8852: libproxy bug fix and enhancement update (Moderate) | |||
| CVE-2020-25219 | medium | — | 5.5 | 2y ago | RHEA-2024:8852: libproxy bug fix and enhancement update (Moderate) | |||
| CVE-2020-36777 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`… | |||
| CVE-2020-25656 | medium | — | 5.5 | 2y ago | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access … | |||
| CVE-2020-36024 | medium | — | 5.5 | 2y ago | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | |||
| CVE-2020-18652 | medium | — | 5.5 | 2y ago | RHSA-2024:3066: exempi security update (Moderate) | |||
| CVE-2020-18651 | medium | — | 5.5 | 2y ago | RHSA-2024:3066: exempi security update (Moderate) | |||
| CVE-2020-15778 | medium | — | 5.5 | 2y ago | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that t… | |||
| CVE-2020-18770 | medium | — | 5.5 | 2y ago | Moderate: zziplib security update | |||
| CVE-2020-14370 | medium | — | 5.5 | 2y ago | RHSA-2021:0531: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-28991 | medium | — | 5.5 | 2y ago | Improper Access Control in Gitea | |||
| CVE-2020-28241 | medium | — | 5.5 | 2y ago | RHSA-2024:0768: libmaxminddb security update (Moderate) | |||
| CVE-2020-35177 | medium | — | 5.5 | 2y ago | Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2020-28053 | medium | — | 5.5 | 2y ago | Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-25201 | medium | — | 5.5 | 2y ago | Denial of service in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-22217 | medium | — | 5.5 | 3y ago | RHSA-2023:7207: c-ares security update (Moderate) | |||
| CVE-2020-12762 | medium | — | 5.5 | 3y ago | RHSA-2023:6976: libfastjson security update (Moderate) | |||
| CVE-2020-24736 | medium | — | 5.5 | 3y ago | RHSA-2023:3840: sqlite security update (Moderate) | |||
| CVE-2020-17049 | medium | — | 5.5 | 3y ago | RHSA-2024:0143: idm:DL1 security update (Moderate) | |||
| CVE-2020-36518 | medium | — | 5.5 | 3y ago | RHSA-2024:3061: pki-core:10.6 and pki-deps:10.6 security update (Moderate) | |||
| CVE-2020-28852 | medium | — | 5.5 | 4y ago | RHSA-2022:7129: git-lfs security and bug fix update (Moderate) | |||
| CVE-2020-28851 | medium | — | 5.5 | 4y ago | RHSA-2022:7129: git-lfs security and bug fix update (Moderate) | |||
| CVE-2020-36516 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2020-0256 | medium | — | 5.5 | 4y ago | RHSA-2022:7700: gdisk security update (Moderate) | |||
| CVE-2020-36558 | medium | — | 5.5 | 4y ago | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | |||
| CVE-2020-10735 | medium | — | 5.5 | 4y ago | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for… | |||
| CVE-2020-35527 | medium | — | 5.5 | 4y ago | RHSA-2022:7108: sqlite security update (Moderate) | |||
| CVE-2020-35525 | medium | — | 5.5 | 4y ago | RHSA-2022:7108: sqlite security update (Moderate) | |||
| CVE-2020-7788 | medium | — | 5.5 | 4y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-28469 | medium | — | 5.5 | 4y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-35509 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Improper Certificate Validation | |||
| CVE-2020-28367 | medium | — | 5.5 | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-28366 | medium | — | 5.5 | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-29652 | medium | — | 5.5 | 4y ago | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | |||
| CVE-2020-1695 | medium | — | 5.5 | 4y ago | RHSA-2021:1775: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25864 | medium | — | 5.5 | 4y ago | HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul | |||
| CVE-2020-24303 | medium | — | 5.5 | 4y ago | RHSA-2021:1859: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11110 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14019 | medium | — | 5.5 | 4y ago | RHEA-2020:4505: python-rtslib bug fix and enhancement update (Moderate) | |||
| CVE-2020-10749 | medium | — | 5.5 | 4y ago | RHSA-2020:4694: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13430 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12458 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12459 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12245 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1726 | medium | — | 5.5 | 4y ago | RHSA-2020:1650: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-35492 | medium | — | 5.5 | 4y ago | RHSA-2022:1961: cairo and pixman security and bug fix update (Moderate) | |||
| CVE-2020-35452 | medium | — | 5.5 | 4y ago | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP … | |||
| CVE-2020-19131 | medium | — | 5.5 | 4y ago | RHSA-2022:1810: libtiff security update (Moderate) | |||
| CVE-2020-18898 | medium | — | 5.5 | 4y ago | RHSA-2022:1842: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-27826 | medium | — | 5.5 | 4y ago | Authentication Bypass in keycloak | |||
| CVE-2020-15586 | medium | — | 5.5 | 4y ago | RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-29509 | medium | — | 5.5 | 4y ago | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that … | |||
| CVE-2020-15366 | medium | — | 5.5 | 4y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-11996 | medium | — | 5.5 | 4y ago | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient … | |||
| CVE-2020-17527 | medium | — | 5.5 | 4y ago | While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream re… | |||
| CVE-2020-14366 | medium | — | 5.5 | 4y ago | Path Traversal | |||
| CVE-2020-11988 | medium | — | 5.5 | 4y ago | Server-side request forgery (SSRF) in Apache XmlGraphics Commons | |||
| CVE-2020-24553 | medium | — | 5.5 | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-11987 | medium | — | 5.5 | 5y ago | Server-side request forgery (SSRF) in Apache Batik | |||
| CVE-2020-16845 | medium | — | 5.5 | 5y ago | RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-25719 | medium | — | 5.5 | 5y ago | RHSA-2021:5142: idm:DL1 security update (Moderate) | |||
| CVE-2020-13435 | medium | — | 5.5 | 5y ago | RHSA-2021:4396: sqlite security update (Moderate) | |||
| CVE-2020-10001 | medium | — | 5.5 | 5y ago | RHSA-2021:4393: cups security and bug fix update (Moderate) | |||
| CVE-2020-13558 | medium | — | 5.5 | 5y ago | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | |||
| CVE-2020-24870 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-27918 | medium | — | 5.5 | 5y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS … | |||
| CVE-2020-29623 | medium | — | 5.5 | 5y ago | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security… | |||
| CVE-2020-36241 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14145 | medium | — | 5.5 | 5y ago | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connect… | |||
| CVE-2020-35448 | medium | — | 5.5 | 5y ago | RHSA-2021:4364: binutils security update (Moderate) | |||
| CVE-2020-13529 | medium | — | 5.5 | 5y ago | An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing att… |