CVEs from 2020
Total
3,798
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12829 | unknown | — | — | — | In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engi… | |||
| CVE-2020-8013 | unknown | — | — | — | ||||
| CVE-2020-13361 | unknown | — | — | — | In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write… | |||
| CVE-2020-13362 | unknown | — | — | — | In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. | |||
| CVE-2020-12135 | unknown | — | — | — | bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow … | |||
| CVE-2020-13765 | unknown | — | — | — | rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | |||
| CVE-2020-14394 | unknown | — | — | — | An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the … | |||
| CVE-2020-19824 | unknown | — | — | — | An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter. | |||
| CVE-2020-15469 | unknown | — | — | — | In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | |||
| CVE-2020-7061 | unknown | — | — | — | In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated … | |||
| CVE-2020-11739 | unknown | — | — | — | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read… | |||
| CVE-2020-10380 | unknown | — | — | — | RMySQL through 0.10.19 allows SQL Injection. | |||
| CVE-2020-9497 | unknown | — | — | — | Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs … | |||
| CVE-2020-25670 | unknown | — | — | — | A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. | |||
| CVE-2020-6377 | unknown | — | — | — | Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-3810 | unknown | — | — | — | Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. | |||
| CVE-2020-15476 | unknown | — | — | — | In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. | |||
| CVE-2020-14886 | unknown | — | — | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high p… | |||
| CVE-2020-14714 | unknown | — | — | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exp… | |||
| CVE-2020-10772 | unknown | — | — | — | An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query int… | |||
| CVE-2020-36133 | unknown | — | — | — | AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. | |||
| CVE-2020-36130 | unknown | — | — | — | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. | |||
| CVE-2020-36129 | unknown | — | — | — | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. | |||
| CVE-2020-36388 | unknown | — | — | — | In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. | |||
| CVE-2020-35533 | unknown | — | — | — | In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. | |||
| CVE-2020-21583 | unknown | — | — | — | An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date. | |||
| CVE-2020-0034 | unknown | — | — | — | In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, wit… | |||
| CVE-2020-25623 | unknown | — | — | — | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. | |||
| CVE-2020-29487 | unknown | — | — | — | ||||
| CVE-2020-29411 | unknown | — | — | — | ||||
| CVE-2020-16124 | unknown | — | — | — | Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue af… | |||
| CVE-2020-8517 | unknown | — | — | — | An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On … | |||
| CVE-2020-29569 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when st… | |||
| CVE-2020-11025 | unknown | — | — | — | In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated use… | |||
| CVE-2020-25221 | unknown | — | — | — | get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page tha… | |||
| CVE-2020-36306 | unknown | — | — | — | Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | |||
| CVE-2020-36829 | unknown | — | — | — | The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected. | |||
| CVE-2020-27372 | unknown | — | — | — | A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function. | |||
| CVE-2020-36477 | unknown | — | — | — | An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certifica… | |||
| CVE-2020-36425 | unknown | — | — | — | An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can … | |||
| CVE-2020-36421 | unknown | — | — | — | An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed. | |||
| CVE-2020-36422 | unknown | — | — | — | An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbe… | |||
| CVE-2020-10941 | unknown | — | — | — | Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | |||
| CVE-2020-14404 | unknown | — | — | — | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | |||
| CVE-2020-19715 | unknown | — | — | — | ||||
| CVE-2020-29486 | unknown | — | — | — | An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run an… | |||
| CVE-2020-22218 | unknown | — | — | — | An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. | |||
| CVE-2020-21490 | unknown | — | — | — | An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. | |||
| CVE-2020-37014 | unknown | — | — | — | Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by… | |||
| CVE-2020-16598 | unknown | — | — | — | ||||
| CVE-2020-11494 | unknown | — | — | — | An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive infor… | |||
| CVE-2020-21686 | unknown | — | — | — | A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. | |||
| CVE-2020-8224 | unknown | — | — | — | A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. | |||
| CVE-2020-8516 | unknown | — | — | — | The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to di… | |||
| CVE-2020-10593 | unknown | — | — | — | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_c… | |||
| CVE-2020-14376 | unknown | — | — | — | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. … | |||
| CVE-2020-12313 | unknown | — | — | — | ||||
| CVE-2020-27781 | unknown | — | — | — | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to … | |||
| CVE-2020-0255 | unknown | — | — | — | ||||
| CVE-2020-14093 | unknown | — | — | — | Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. | |||
| CVE-2020-8225 | unknown | — | — | — | A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | |||
| CVE-2020-17353 | unknown | — | — | — | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous … | |||
| CVE-2020-14375 | unknown | — | — | — | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and … | |||
| CVE-2020-14353 | unknown | — | — | — | ||||
| CVE-2020-18670 | unknown | — | — | — | Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php. | |||
| CVE-2020-6383 | unknown | — | — | — | Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-15562 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in th… | |||
| CVE-2020-13964 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | |||
| CVE-2020-12626 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. | |||
| CVE-2020-6553 | unknown | — | — | — | Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6555 | unknown | — | — | — | Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2020-24372 | unknown | — | — | — | LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c. | |||
| CVE-2020-6547 | unknown | — | — | — | Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page. | |||
| CVE-2020-6554 | unknown | — | — | — | Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | |||
| CVE-2020-6551 | unknown | — | — | — | Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-12625 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | |||
| CVE-2020-12640 | unknown | — | — | — | Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | |||
| CVE-2020-20412 | unknown | — | — | — | ||||
| CVE-2020-9385 | unknown | — | — | — | A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation. | |||
| CVE-2020-12393 | unknown | — | — | — | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted … | |||
| CVE-2020-12761 | unknown | — | — | — | modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. | |||
| CVE-2020-23904 | unknown | — | — | — | ||||
| CVE-2020-6061 | unknown | — | — | — | An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other mi… | |||
| CVE-2020-12404 | unknown | — | — | — | For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnera… | |||
| CVE-2020-10936 | unknown | — | — | — | Sympa before 6.2.56 allows privilege escalation. | |||
| CVE-2020-6860 | unknown | — | — | — | libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. | |||
| CVE-2020-7043 | unknown | — | — | — | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonst… | |||
| CVE-2020-15709 | unknown | — | — | — | Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA o… | |||
| CVE-2020-14931 | unknown | — | — | — | A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_… | |||
| CVE-2020-23226 | unknown | — | — | — | Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_adm… | |||
| CVE-2020-12414 | unknown | — | — | — | IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted… | |||
| CVE-2020-12416 | unknown | — | — | — | A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulner… | |||
| CVE-2020-6108 | unknown | — | — | — | An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulti… | |||
| CVE-2020-35573 | unknown | — | — | — | srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address. | |||
| CVE-2020-6070 | unknown | — | — | — | An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operation… | |||
| CVE-2020-15650 | unknown | — | — | — | Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only a… | |||
| CVE-2020-8029 | unknown | — | — | — | ||||
| CVE-2020-10870 | unknown | — | — | — | Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, re… | |||
| CVE-2020-26954 | unknown | — | — | — | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be u… | |||
| CVE-2020-20450 | unknown | — | — | — | FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. |