CVEs from 2020
Total
3,789
critical
critical 206
high
high 563
medium
medium 744
low
low 60
% Critical
5.4%
% with KEV
3.9%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15900 | unknown | — | — | — | A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'po… | |||
| CVE-2020-36773 | unknown | — | — | — | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one … | |||
| CVE-2020-18839 | unknown | — | — | — | Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. | |||
| CVE-2020-12389 | unknown | — | — | — | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerab… | |||
| CVE-2020-14393 | unknown | — | — | — | A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of… | |||
| CVE-2020-6797 | unknown | — | — | — | By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download … | |||
| CVE-2020-13659 | unknown | — | — | — | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | |||
| CVE-2020-14415 | unknown | — | — | — | oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. | |||
| CVE-2020-14392 | unknown | — | — | — | An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's avai… | |||
| CVE-2020-11724 | unknown | — | — | — | An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. | |||
| CVE-2020-14004 | unknown | — | — | — | An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an u… | |||
| CVE-2020-29663 | unknown | — | — | — | Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.… | |||
| CVE-2020-12430 | unknown | — | — | — | An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is respons… | |||
| CVE-2020-15708 | unknown | — | — | — | Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | |||
| CVE-2020-14398 | unknown | — | — | — | An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. | |||
| CVE-2020-14400 | unknown | — | — | — | An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerabil… | |||
| CVE-2020-28984 | unknown | — | — | — | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. | |||
| CVE-2020-22402 | unknown | — | — | — | Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code. | |||
| CVE-2020-26148 | unknown | — | — | — | md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. | |||
| CVE-2020-12872 | unknown | — | — | — | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than… | |||
| CVE-2020-22284 | unknown | — | — | — | A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6… | |||
| CVE-2020-12393 | unknown | — | — | — | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted … | |||
| CVE-2020-12404 | unknown | — | — | — | For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnera… | |||
| CVE-2020-12414 | unknown | — | — | — | IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted… | |||
| CVE-2020-12416 | unknown | — | — | — | A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulner… | |||
| CVE-2020-15647 | unknown | — | — | — | A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This… | |||
| CVE-2020-15651 | unknown | — | — | — | A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < … | |||
| CVE-2020-15657 | unknown | — | — | — | Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: Thi… | |||
| CVE-2020-15662 | unknown | — | — | — | A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS… | |||
| CVE-2020-15665 | unknown | — | — | — | Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunctio… | |||
| CVE-2020-15666 | unknown | — | — | — | When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inc… | |||
| CVE-2020-15667 | unknown | — | — | — | When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code executio… | |||
| CVE-2020-15670 | unknown | — | — | — | Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ha… | |||
| CVE-2020-26954 | unknown | — | — | — | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be u… | |||
| CVE-2020-26957 | unknown | — | — | — | OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affect… | |||
| CVE-2020-26964 | unknown | — | — | — | If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privile… | |||
| CVE-2020-26966 | unknown | — | — | — | Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: Th… | |||
| CVE-2020-15997 | unknown | — | — | — | Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-15994 | unknown | — | — | — | Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-15996 | unknown | — | — | — | Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-16002 | unknown | — | — | — | Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||
| CVE-2020-15993 | unknown | — | — | — | Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-16001 | unknown | — | — | — | Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-15998 | unknown | — | — | — | Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-16000 | unknown | — | — | — | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-16003 | unknown | — | — | — | Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-16011 | unknown | — | — | — | Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2020-6417 | unknown | — | — | — | Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. | |||
| CVE-2020-6419 | unknown | — | — | — | Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6492 | unknown | — | — | — | Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-6497 | unknown | — | — | — | Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. | |||
| CVE-2020-6502 | unknown | — | — | — | Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||
| CVE-2020-6499 | unknown | — | — | — | Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page. | |||
| CVE-2020-6503 | unknown | — | — | — | Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2020-6500 | unknown | — | — | — | Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2020-6501 | unknown | — | — | — | Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2020-6504 | unknown | — | — | — | Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. | |||
| CVE-2020-6545 | unknown | — | — | — | Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6532 | unknown | — | — | — | Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-10380 | unknown | — | — | — | RMySQL through 0.10.19 allows SQL Injection. | |||
| CVE-2020-13124 | unknown | — | — | — | SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operat… | |||
| CVE-2020-3810 | unknown | — | — | — | Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. | |||
| CVE-2020-10781 | unknown | — | — | — | A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM devic… | |||
| CVE-2020-27194 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. | |||
| CVE-2020-11494 | unknown | — | — | — | An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive infor… | |||
| CVE-2020-12768 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time le… | |||
| CVE-2020-12769 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | |||
| CVE-2020-13143 | unknown | — | — | — | gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attack… | |||
| CVE-2020-15393 | unknown | — | — | — | In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. | |||
| CVE-2020-25671 | unknown | — | — | — | A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. | |||
| CVE-2020-25673 | unknown | — | — | — | A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. | |||
| CVE-2020-26088 | unknown | — | — | — | A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID… | |||
| CVE-2020-27066 | unknown | — | — | — | In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges need… | |||
| CVE-2020-29371 | unknown | — | — | — | An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. | |||
| CVE-2020-36310 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. | |||
| CVE-2020-13802 | unknown | — | — | — | Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. | |||
| CVE-2020-12640 | unknown | — | — | — | Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | |||
| CVE-2020-12625 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | |||
| CVE-2020-13964 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | |||
| CVE-2020-15562 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in th… | |||
| CVE-2020-18670 | unknown | — | — | — | Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php. | |||
| CVE-2020-16145 | unknown | — | — | — | Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. | |||
| CVE-2020-18671 | unknown | — | — | — | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | |||
| CVE-2020-22617 | unknown | — | — | — | Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. | |||
| CVE-2020-15121 | unknown | — | — | — | In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger … | |||
| CVE-2020-16269 | unknown | — | — | — | radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | |||
| CVE-2020-27793 | unknown | — | — | — | An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack. | |||
| CVE-2020-27794 | unknown | — | — | — | A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | |||
| CVE-2020-24379 | unknown | — | — | — | WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | |||
| CVE-2020-24916 | unknown | — | — | — | CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. | |||
| CVE-2020-17367 | unknown | — | — | — | Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. | |||
| CVE-2020-17368 | unknown | — | — | — | Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | |||
| CVE-2020-37127 | unknown | — | — | 12d ago | Dnsmasq vulnerability | |||
| CVE-2020-36843 | unknown | — | — | 1y ago | Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check | |||
| CVE-2020-27534 | unknown | — | — | 2y ago | util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.T… | |||
| CVE-2020-15136 | unknown | — | — | 2y ago | In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on e… | |||
| CVE-2020-15114 | unknown | — | — | 2y ago | In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoin… | |||
| CVE-2020-15113 | unknown | — | — | 2y ago | In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS con… | |||
| CVE-2020-24922 | unknown | — | — | 3y ago | xuxueli xxl-job Cross-Site Request Forgery Vulnerability | |||
| CVE-2020-21485 | unknown | — | — | 3y ago | Alluxio Cross Site Scripting vulnerability |