CVEs from 2020
Total
3,810
critical
critical 206
high
high 563
medium
medium 743
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12740 | medium | — | 5.5 | — | tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | |||
| CVE-2020-22037 | medium | — | 5.5 | — | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. | |||
| CVE-2020-28629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-26557 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-28086 | medium | — | 5.5 | — | pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the… | |||
| CVE-2020-26273 | medium | — | 5.5 | — | arbitrary filesystem access in osquery | |||
| CVE-2020-28628 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-27844 | medium | — | 5.5 | — | A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bou… | |||
| CVE-2020-25669 | medium | — | 5.5 | — | A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkb… | |||
| CVE-2020-28928 | medium | — | 5.5 | — | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | |||
| CVE-2020-35629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-16120 | medium | — | 5.5 | — | Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were al… | |||
| CVE-2020-26421 | medium | — | 5.5 | — | Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-27830 | medium | — | 5.5 | — | A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr d… | |||
| CVE-2020-28631 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28200 | medium | — | 5.5 | — | The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | |||
| CVE-2020-12912 | medium | — | 5.5 | — | A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.… | |||
| CVE-2020-35630 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-35632 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-7046 | medium | — | 5.5 | — | lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login in… | |||
| CVE-2020-35850 | medium | — | 5.5 | — | multiple issues in cockpit | |||
| CVE-2020-37174 | medium | 5.5 | 5.5 | 22d ago | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design … | |||
| CVE-2020-37169 | medium | 5.5 | 5.5 | 22d ago | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u… | |||
| CVE-2020-36855 | medium | 5.5 | 5.5 | 8mo ago | A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stac… | |||
| CVE-2020-16156 | medium | — | 5.5 | 1y ago | RHSA-2025:8432: perl-CPAN security update (Moderate) | |||
| CVE-2020-13790 | medium | — | 5.5 | 1y ago | RHSA-2025:7540: libjpeg-turbo security update (Moderate) | |||
| CVE-2020-27792 | medium | — | 5.5 | 1y ago | RHSA-2025:4362: ghostscript security update (Moderate) | |||
| CVE-2020-27827 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2020-10135 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |||
| CVE-2020-26154 | medium | — | 5.5 | 2y ago | RHEA-2024:8852: libproxy bug fix and enhancement update (Moderate) | |||
| CVE-2020-25219 | medium | — | 5.5 | 2y ago | RHEA-2024:8852: libproxy bug fix and enhancement update (Moderate) | |||
| CVE-2020-36777 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`… | |||
| CVE-2020-25656 | medium | — | 5.5 | 2y ago | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access … | |||
| CVE-2020-36024 | medium | — | 5.5 | 2y ago | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | |||
| CVE-2020-18652 | medium | — | 5.5 | 2y ago | RHSA-2024:3066: exempi security update (Moderate) | |||
| CVE-2020-18651 | medium | — | 5.5 | 2y ago | RHSA-2024:3066: exempi security update (Moderate) | |||
| CVE-2020-15778 | medium | — | 5.5 | 2y ago | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that t… | |||
| CVE-2020-18770 | medium | — | 5.5 | 2y ago | RHSA-2024:3127: zziplib security update (Moderate) | |||
| CVE-2020-14370 | medium | — | 5.5 | 2y ago | RHSA-2021:0531: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-28991 | medium | — | 5.5 | 2y ago | Improper Access Control in Gitea | |||
| CVE-2020-28241 | medium | — | 5.5 | 2y ago | RHSA-2024:0768: libmaxminddb security update (Moderate) | |||
| CVE-2020-35177 | medium | — | 5.5 | 2y ago | Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2020-28053 | medium | — | 5.5 | 2y ago | Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-25201 | medium | — | 5.5 | 2y ago | Denial of service in HashiCorp Consul in github.com/hashicorp/consul | |||
| CVE-2020-22217 | medium | — | 5.5 | 3y ago | RHSA-2023:7207: c-ares security update (Moderate) | |||
| CVE-2020-12762 | medium | — | 5.5 | 3y ago | RHSA-2023:6976: libfastjson security update (Moderate) | |||
| CVE-2020-24736 | medium | — | 5.5 | 3y ago | RHSA-2023:3840: sqlite security update (Moderate) | |||
| CVE-2020-17049 | medium | — | 5.5 | 3y ago | RHSA-2024:0143: idm:DL1 security update (Moderate) | |||
| CVE-2020-36518 | medium | — | 5.5 | 3y ago | RHSA-2024:3061: pki-core:10.6 and pki-deps:10.6 security update (Moderate) | |||
| CVE-2020-28851 | medium | — | 5.5 | 4y ago | RHSA-2022:7129: git-lfs security and bug fix update (Moderate) | |||
| CVE-2020-36516 | medium | — | 5.5 | 4y ago | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP… | |||
| CVE-2020-28852 | medium | — | 5.5 | 4y ago | RHSA-2022:7129: git-lfs security and bug fix update (Moderate) | |||
| CVE-2020-36558 | medium | — | 5.5 | 4y ago | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | |||
| CVE-2020-0256 | medium | — | 5.5 | 4y ago | RHSA-2022:7700: gdisk security update (Moderate) | |||
| CVE-2020-10735 | medium | — | 5.5 | 4y ago | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for… | |||
| CVE-2020-35527 | medium | — | 5.5 | 4y ago | RHSA-2022:7108: sqlite security update (Moderate) | |||
| CVE-2020-35525 | medium | — | 5.5 | 4y ago | RHSA-2022:7108: sqlite security update (Moderate) | |||
| CVE-2020-7788 | medium | — | 5.5 | 4y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-28469 | medium | — | 5.5 | 4y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-35509 | medium | — | 5.5 | 4y ago | Keycloak vulnerable to Improper Certificate Validation | |||
| CVE-2020-28367 | medium | — | 5.5 | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-28366 | medium | — | 5.5 | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-29652 | medium | — | 5.5 | 4y ago | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | |||
| CVE-2020-1695 | medium | — | 5.5 | 4y ago | RHSA-2021:1775: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25864 | medium | — | 5.5 | 4y ago | HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul | |||
| CVE-2020-24303 | medium | — | 5.5 | 4y ago | RHSA-2021:1859: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11110 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14019 | medium | — | 5.5 | 4y ago | RHEA-2020:4505: python-rtslib bug fix and enhancement update (Moderate) | |||
| CVE-2020-10749 | medium | — | 5.5 | 4y ago | RHSA-2020:4694: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13430 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12458 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12459 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12245 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1726 | medium | — | 5.5 | 4y ago | RHSA-2020:1650: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-35492 | medium | — | 5.5 | 4y ago | RHSA-2022:1961: cairo and pixman security and bug fix update (Moderate) | |||
| CVE-2020-35452 | medium | — | 5.5 | 4y ago | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP … | |||
| CVE-2020-19131 | medium | — | 5.5 | 4y ago | RHSA-2022:1810: libtiff security update (Moderate) | |||
| CVE-2020-18898 | medium | — | 5.5 | 4y ago | RHSA-2022:1842: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-27826 | medium | — | 5.5 | 4y ago | Authentication Bypass in keycloak | |||
| CVE-2020-15586 | medium | — | 5.5 | 4y ago | RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-29509 | medium | — | 5.5 | 4y ago | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that … | |||
| CVE-2020-15366 | medium | — | 5.5 | 4y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-11996 | medium | — | 5.5 | 4y ago | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient … | |||
| CVE-2020-17527 | medium | — | 5.5 | 4y ago | While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream re… | |||
| CVE-2020-14366 | medium | — | 5.5 | 4y ago | Path Traversal | |||
| CVE-2020-11988 | medium | — | 5.5 | 4y ago | Server-side request forgery (SSRF) in Apache XmlGraphics Commons | |||
| CVE-2020-24553 | medium | — | 5.5 | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-11987 | medium | — | 5.5 | 5y ago | Server-side request forgery (SSRF) in Apache Batik | |||
| CVE-2020-16845 | medium | — | 5.5 | 5y ago | RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2020-25719 | medium | — | 5.5 | 5y ago | RHSA-2021:5142: idm:DL1 security update (Moderate) | |||
| CVE-2020-13435 | medium | — | 5.5 | 5y ago | RHSA-2021:4396: sqlite security update (Moderate) | |||
| CVE-2020-10001 | medium | — | 5.5 | 5y ago | RHSA-2021:4393: cups security and bug fix update (Moderate) | |||
| CVE-2020-36241 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-27918 | medium | — | 5.5 | 5y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS … | |||
| CVE-2020-29623 | medium | — | 5.5 | 5y ago | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security… | |||
| CVE-2020-13558 | medium | — | 5.5 | 5y ago | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | |||
| CVE-2020-24870 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14145 | medium | — | 5.5 | 5y ago | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connect… | |||
| CVE-2020-35448 | medium | — | 5.5 | 5y ago | RHSA-2021:4364: binutils security update (Moderate) | |||
| CVE-2020-13529 | medium | — | 5.5 | 5y ago | RHSA-2021:4361: NetworkManager security, bug fix, and enhancement update (Moderate) |