CVEs from 2020
Total
3,811
critical
critical 206
high
high 563
medium
medium 743
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-16032 | high | — | 8.0 | — | Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2020-28016 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. | |||
| CVE-2020-6452 | high | — | 8.0 | — | Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6505 | high | — | 8.0 | — | Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-6495 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox es… | |||
| CVE-2020-16119 | high | — | 8.0 | — | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ub… | |||
| CVE-2020-28011 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. | |||
| CVE-2020-25829 | high | — | 8.0 | — | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… | |||
| CVE-2020-6407 | high | — | 8.0 | — | Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-26262 | high | — | 8.0 | — | Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.… | |||
| CVE-2020-26555 | high | — | 8.0 | 2y ago | RHSA-2024:4352: kernel-rt security and bug fix update (Important) | |||
| CVE-2020-22219 | high | — | 8.0 | 3y ago | RHSA-2023:5046: flac security update (Important) | |||
| CVE-2020-28915 | high | — | 8.0 | 4y ago | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | |||
| CVE-2020-27838 | high | — | 8.0 | 4y ago | Keycloak discloses information without authentication | |||
| CVE-2020-1045 | high | — | 8.0 | 4y ago | RHSA-2020:3699: .NET Core 3.1 security and bugfix update (Important) | |||
| CVE-2020-1597 | high | — | 8.0 | 4y ago | RHSA-2020:3422: .NET Core 3.1 security and bugfix update (Important) | |||
| CVE-2020-1161 | high | — | 8.0 | 4y ago | RHSA-2020:2250: dotnet3.1 security update (Important) | |||
| CVE-2020-1108 | high | — | 8.0 | 4y ago | RHSA-2020:2471: .NET Core on Red Hat Enterprise Linux 8 security update (Important) | |||
| CVE-2020-7613 | high | — | 8.0 | 4y ago | Clamscan vulnerable to command injection | |||
| CVE-2020-5311 | high | — | 8.0 | 4y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2020-4788 | high | — | 8.0 | 4y ago | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | |||
| CVE-2020-27820 | high | — | 8.0 | 4y ago | A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o… | |||
| CVE-2020-13974 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th… | |||
| CVE-2020-0404 | high | — | 8.0 | 4y ago | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e… | |||
| CVE-2020-10734 | high | — | 8.0 | 4y ago | OIDC Logout redirect in keycloak | |||
| CVE-2020-13692 | high | — | 8.0 | 4y ago | RHSA-2020:3176: postgresql-jdbc security update (Important) | |||
| CVE-2020-1717 | high | — | 8.0 | 4y ago | Generation of Error Message Containing Sensitive Information in Keycloak | |||
| CVE-2020-1725 | high | — | 8.0 | 4y ago | Incorrect Authorization in keycloak | |||
| CVE-2020-1714 | high | — | 8.0 | 4y ago | Improper Input Validation in Keycloak | |||
| CVE-2020-14359 | high | — | 8.0 | 4y ago | Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers | |||
| CVE-2020-13935 | high | — | 8.0 | 4y ago | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could t… | |||
| CVE-2020-13934 | high | — | 8.0 | 4y ago | An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of … | |||
| CVE-2020-5312 | high | — | 8.0 | 5y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2020-36385 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… | |||
| CVE-2020-13675 | high | — | 8.0 | 5y ago | Unrestricted Upload of File with Dangerous Type in Drupal core | |||
| CVE-2020-13673 | high | — | 8.0 | 5y ago | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… | |||
| CVE-2020-13677 | high | — | 8.0 | 5y ago | Drupal core access bypass vulnerability | |||
| CVE-2020-13676 | high | — | 8.0 | 5y ago | Incorrect Authorization in Drupal core | |||
| CVE-2020-13674 | high | — | 8.0 | 5y ago | Cross-Site Request Forgery in Drupal core | |||
| CVE-2020-26265 | high | — | 8.0 | 5y ago | Consensus flaw in github.com/ethereum/go-ethereum | |||
| CVE-2020-26541 | high | — | 8.0 | 5y ago | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | |||
| CVE-2020-24512 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-24489 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-24513 | high | — | 8.0 | 5y ago | RHSA-2021:2308: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-36328 | high | — | 8.0 | 5y ago | RHSA-2021:2354: libwebp security update (Important) | |||
| CVE-2020-24511 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-36329 | high | — | 8.0 | 5y ago | RHSA-2021:2354: libwebp security update (Important) | |||
| CVE-2020-15257 | high | — | 8.0 | 5y ago | containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed t… | |||
| CVE-2020-10696 | high | — | 8.0 | 5y ago | RHSA-2020:1932: container-tools:rhel8 security update (Important) | |||
| CVE-2020-25097 | high | — | 8.0 | 5y ago | RHSA-2021:1979: squid:4 security update (Important) | |||
| CVE-2020-36322 | high | — | 8.0 | 5y ago | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a … | |||
| CVE-2020-28974 | high | — | 8.0 | 5y ago | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs … | |||
| CVE-2020-35508 | high | — | 8.0 | 5y ago | A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local… | |||
| CVE-2020-27835 | high | — | 8.0 | 5y ago | A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash… | |||
| CVE-2020-27786 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.… | |||
| CVE-2020-25285 | high | — | 8.0 | 5y ago | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly hav… | |||
| CVE-2020-25284 | high | — | 8.0 | 5y ago | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map … | |||
| CVE-2020-25643 | high | — | 8.0 | 5y ago | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function wh… | |||
| CVE-2020-15437 | high | — | 8.0 | 5y ago | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service… | |||
| CVE-2020-14356 | high | — | 8.0 | 5y ago | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or e… | |||
| CVE-2020-25212 | high | — | 8.0 | 5y ago | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf… | |||
| CVE-2020-25704 | high | — | 8.0 | 5y ago | A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denia… | |||
| CVE-2020-12464 | high | — | 8.0 | 5y ago | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | |||
| CVE-2020-12364 | high | — | 8.0 | 5y ago | Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a den… | |||
| CVE-2020-12362 | high | — | 8.0 | 5y ago | Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a… | |||
| CVE-2020-12363 | high | — | 8.0 | 5y ago | Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial o… | |||
| CVE-2020-11608 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin… | |||
| CVE-2020-12114 | high | — | 8.0 | 5y ago | A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to … | |||
| CVE-2020-0431 | high | — | 8.0 | 5y ago | In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U… | |||
| CVE-2020-14314 | high | — | 8.0 | 5y ago | A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to… | |||
| CVE-2020-24394 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs be… | |||
| CVE-2020-25645 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by … | |||
| CVE-2020-36694 | high | — | 8.0 | 5y ago | An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurren… | |||
| CVE-2020-36557 | high | — | 8.0 | 5y ago | A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. | |||
| CVE-2020-28052 | high | — | 8.0 | 5y ago | Logic error in Legion of the Bouncy Castle BC Java | |||
| CVE-2020-28468 | high | — | 8.0 | 5y ago | This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code ex… | |||
| CVE-2020-28362 | high | — | 8.0 | 5y ago | RHSA-2021:0706: container-tools:2.0 security update (Important) | |||
| CVE-2020-27152 | high | — | 8.0 | 5y ago | An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge trigg… | |||
| CVE-2020-0466 | high | — | 8.0 | 5y ago | In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privilege… | |||
| CVE-2020-35517 | high | — | 8.0 | 5y ago | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared di… | |||
| CVE-2020-8625 | high | — | 8.0 | 5y ago | RHSA-2021:0670: bind security update (Important) | |||
| CVE-2020-8696 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-25705 | high | — | 8.0 | 5y ago | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Soft… | |||
| CVE-2020-29661 | high | — | 8.0 | 5y ago | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | |||
| CVE-2020-14351 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly esca… | |||
| CVE-2020-17525 | high | — | 8.0 | 5y ago | RHSA-2021:0507: subversion:1.10 security update (Important) | |||
| CVE-2020-15685 | high | — | 8.0 | 5y ago | multiple issues in thunderbird | |||
| CVE-2020-26976 | high | — | 8.0 | 5y ago | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … | |||
| CVE-2020-25685 | high | — | 8.0 | 5y ago | RHSA-2021:0150: dnsmasq security update (Important) | |||
| CVE-2020-25686 | high | — | 8.0 | 5y ago | RHSA-2021:0150: dnsmasq security update (Important) | |||
| CVE-2020-25684 | high | — | 8.0 | 5y ago | RHSA-2021:0150: dnsmasq security update (Important) | |||
| CVE-2020-25683 | high | — | 8.0 | 5y ago | RHSA-2021:0150: dnsmasq security update (Important) | |||
| CVE-2020-25681 | high | — | 8.0 | 5y ago | RHSA-2021:0150: dnsmasq security update (Important) | |||
| CVE-2020-25682 | high | — | 8.0 | 5y ago | RHSA-2021:0150: dnsmasq security update (Important) | |||
| CVE-2020-25687 | high | — | 8.0 | 5y ago | RHSA-2021:0150: dnsmasq security update (Important) | |||
| CVE-2020-25211 | high | — | 8.0 | 6y ago | In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctn… | |||
| CVE-2020-25696 | high | — | 8.0 | 6y ago | RHSA-2020:5620: postgresql:12 security update (Important) | |||
| CVE-2020-25695 | high | — | 8.0 | 6y ago | RHSA-2020:5620: postgresql:12 security update (Important) | |||
| CVE-2020-1720 | high | — | 8.0 | 6y ago | RHSA-2020:5620: postgresql:12 security update (Important) | |||
| CVE-2020-25694 | high | — | 8.0 | 6y ago | RHSA-2020:5620: postgresql:12 security update (Important) |