CVEs from 2020
Total
3,802
critical
critical 206
high
high 563
medium
medium 743
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10745 | high | — | 8.0 | — | A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server… | |||
| CVE-2020-35114 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |||
| CVE-2020-6491 | high | — | 8.0 | — | Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. | |||
| CVE-2020-6487 | high | — | 8.0 | — | Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2020-27187 | high | — | 8.0 | — | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … | |||
| CVE-2020-6494 | high | — | 8.0 | — | Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2020-6493 | high | — | 8.0 | — | Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… | |||
| CVE-2020-6483 | high | — | 8.0 | — | Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2020-6482 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions v… | |||
| CVE-2020-6474 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-26555 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2020-22219 | high | — | 8.0 | 3y ago | RHSA-2023:5046: flac security update (Important) | |||
| CVE-2020-28915 | high | — | 8.0 | 4y ago | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | |||
| CVE-2020-27838 | high | — | 8.0 | 4y ago | Keycloak discloses information without authentication | |||
| CVE-2020-1045 | high | — | 8.0 | 4y ago | RHSA-2020:3699: .NET Core 3.1 security and bugfix update (Important) | |||
| CVE-2020-1597 | high | — | 8.0 | 4y ago | RHSA-2020:3422: .NET Core 3.1 security and bugfix update (Important) | |||
| CVE-2020-1161 | high | — | 8.0 | 4y ago | RHSA-2020:2250: dotnet3.1 security update (Important) | |||
| CVE-2020-1108 | high | — | 8.0 | 4y ago | RHSA-2020:2471: .NET Core on Red Hat Enterprise Linux 8 security update (Important) | |||
| CVE-2020-7613 | high | — | 8.0 | 4y ago | Clamscan vulnerable to command injection | |||
| CVE-2020-5311 | high | — | 8.0 | 4y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2020-4788 | high | — | 8.0 | 4y ago | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | |||
| CVE-2020-27820 | high | — | 8.0 | 4y ago | A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o… | |||
| CVE-2020-0404 | high | — | 8.0 | 4y ago | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e… | |||
| CVE-2020-13974 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th… | |||
| CVE-2020-10734 | high | — | 8.0 | 4y ago | OIDC Logout redirect in keycloak | |||
| CVE-2020-13692 | high | — | 8.0 | 4y ago | RHSA-2020:3176: postgresql-jdbc security update (Important) | |||
| CVE-2020-1717 | high | — | 8.0 | 4y ago | Generation of Error Message Containing Sensitive Information in Keycloak | |||
| CVE-2020-1725 | high | — | 8.0 | 4y ago | Incorrect Authorization in keycloak | |||
| CVE-2020-1714 | high | — | 8.0 | 4y ago | Improper Input Validation in Keycloak | |||
| CVE-2020-14359 | high | — | 8.0 | 4y ago | Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers | |||
| CVE-2020-13935 | high | — | 8.0 | 4y ago | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could t… | |||
| CVE-2020-13934 | high | — | 8.0 | 4y ago | An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of … | |||
| CVE-2020-5312 | high | — | 8.0 | 5y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2020-36385 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… | |||
| CVE-2020-13675 | high | — | 8.0 | 5y ago | Unrestricted Upload of File with Dangerous Type in Drupal core | |||
| CVE-2020-13673 | high | — | 8.0 | 5y ago | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… | |||
| CVE-2020-13677 | high | — | 8.0 | 5y ago | Drupal core access bypass vulnerability | |||
| CVE-2020-13676 | high | — | 8.0 | 5y ago | Incorrect Authorization in Drupal core | |||
| CVE-2020-13674 | high | — | 8.0 | 5y ago | Cross-Site Request Forgery in Drupal core | |||
| CVE-2020-26265 | high | — | 8.0 | 5y ago | Consensus flaw in github.com/ethereum/go-ethereum | |||
| CVE-2020-26541 | high | — | 8.0 | 5y ago | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | |||
| CVE-2020-24513 | high | — | 8.0 | 5y ago | RHSA-2021:2308: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-36329 | high | — | 8.0 | 5y ago | RHSA-2021:2354: libwebp security update (Important) | |||
| CVE-2020-36328 | high | — | 8.0 | 5y ago | RHSA-2021:2354: libwebp security update (Important) | |||
| CVE-2020-24511 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-24489 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-24512 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-15257 | high | — | 8.0 | 5y ago | containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed t… | |||
| CVE-2020-10696 | high | — | 8.0 | 5y ago | RHSA-2020:1932: container-tools:rhel8 security update (Important) | |||
| CVE-2020-25097 | high | — | 8.0 | 5y ago | RHSA-2021:1979: squid:4 security update (Important) | |||
| CVE-2020-25704 | high | — | 8.0 | 5y ago | A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denia… | |||
| CVE-2020-25643 | high | — | 8.0 | 5y ago | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function wh… | |||
| CVE-2020-12464 | high | — | 8.0 | 5y ago | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | |||
| CVE-2020-14314 | high | — | 8.0 | 5y ago | A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to… | |||
| CVE-2020-12114 | high | — | 8.0 | 5y ago | A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to … | |||
| CVE-2020-27786 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.… | |||
| CVE-2020-12364 | high | — | 8.0 | 5y ago | Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a den… | |||
| CVE-2020-25284 | high | — | 8.0 | 5y ago | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map … | |||
| CVE-2020-11608 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin… | |||
| CVE-2020-12363 | high | — | 8.0 | 5y ago | Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial o… | |||
| CVE-2020-12362 | high | — | 8.0 | 5y ago | Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a… | |||
| CVE-2020-25285 | high | — | 8.0 | 5y ago | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly hav… | |||
| CVE-2020-28974 | high | — | 8.0 | 5y ago | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs … | |||
| CVE-2020-24394 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs be… | |||
| CVE-2020-27835 | high | — | 8.0 | 5y ago | A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash… | |||
| CVE-2020-14356 | high | — | 8.0 | 5y ago | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or e… | |||
| CVE-2020-25212 | high | — | 8.0 | 5y ago | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf… | |||
| CVE-2020-15437 | high | — | 8.0 | 5y ago | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service… | |||
| CVE-2020-35508 | high | — | 8.0 | 5y ago | A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local… | |||
| CVE-2020-36322 | high | — | 8.0 | 5y ago | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a … | |||
| CVE-2020-0431 | high | — | 8.0 | 5y ago | In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U… | |||
| CVE-2020-36694 | high | — | 8.0 | 5y ago | An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurren… | |||
| CVE-2020-36557 | high | — | 8.0 | 5y ago | A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. | |||
| CVE-2020-25645 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by … | |||
| CVE-2020-28052 | high | — | 8.0 | 5y ago | Logic error in Legion of the Bouncy Castle BC Java | |||
| CVE-2020-28468 | high | — | 8.0 | 5y ago | This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code ex… | |||
| CVE-2020-28362 | high | — | 8.0 | 5y ago | RHSA-2021:0706: container-tools:2.0 security update (Important) | |||
| CVE-2020-0466 | high | — | 8.0 | 5y ago | In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privilege… | |||
| CVE-2020-27152 | high | — | 8.0 | 5y ago | An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge trigg… | |||
| CVE-2020-35517 | high | — | 8.0 | 5y ago | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared di… | |||
| CVE-2020-8625 | high | — | 8.0 | 5y ago | RHSA-2021:0670: bind security update (Important) | |||
| CVE-2020-8696 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-29661 | high | — | 8.0 | 5y ago | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | |||
| CVE-2020-14351 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly esca… | |||
| CVE-2020-25705 | high | — | 8.0 | 5y ago | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Soft… | |||
| CVE-2020-17525 | high | — | 8.0 | 5y ago | RHSA-2021:0507: subversion:1.10 security update (Important) | |||
| CVE-2020-15685 | high | — | 8.0 | 5y ago | multiple issues in thunderbird | |||
| CVE-2020-26976 | high | — | 8.0 | 5y ago | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … | |||
| CVE-2020-25681 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25686 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25687 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25683 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25685 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25684 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25682 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25211 | high | — | 8.0 | 6y ago | In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctn… | |||
| CVE-2020-14350 | high | — | 8.0 | 6y ago | RHSA-2020:5620: postgresql:12 security update (Important) | |||
| CVE-2020-14349 | high | — | 8.0 | 6y ago | RHSA-2020:5620: postgresql:12 security update (Important) | |||
| CVE-2020-1720 | high | — | 8.0 | 6y ago | RHSA-2020:5620: postgresql:12 security update (Important) | |||
| CVE-2020-25695 | high | — | 8.0 | 6y ago | RHSA-2020:5620: postgresql:12 security update (Important) |