CVEs from 2020
Total
3,802
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6466 | high | — | 8.0 | — | Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-6433 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2020-28023 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. | |||
| CVE-2020-28017 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… | |||
| CVE-2020-6461 | high | — | 8.0 | — | Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-15966 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive informa… | |||
| CVE-2020-16019 | high | — | 8.0 | — | Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a mal… | |||
| CVE-2020-6487 | high | — | 8.0 | — | Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2020-16030 | high | — | 8.0 | — | Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||
| CVE-2020-16119 | high | — | 8.0 | — | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ub… | |||
| CVE-2020-6474 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6434 | high | — | 8.0 | — | Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6443 | high | — | 8.0 | — | Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTM… | |||
| CVE-2020-35733 | high | — | 8.0 | — | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | |||
| CVE-2020-16150 | high | — | 8.0 | — | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … | |||
| CVE-2020-8169 | high | — | 8.0 | — | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |||
| CVE-2020-16043 | high | — | 8.0 | — | Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. | |||
| CVE-2020-10760 | high | — | 8.0 | — | A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. | |||
| CVE-2020-6430 | high | — | 8.0 | — | Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6493 | high | — | 8.0 | — | Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… | |||
| CVE-2020-26979 | high | — | 8.0 | — | When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the d… | |||
| CVE-2020-6467 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6471 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox es… | |||
| CVE-2020-6472 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive inf… | |||
| CVE-2020-6477 | high | — | 8.0 | — | Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. | |||
| CVE-2020-27780 | high | — | 8.0 | — | A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of … | |||
| CVE-2020-6479 | high | — | 8.0 | — | Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||
| CVE-2020-6480 | high | — | 8.0 | — | Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions. | |||
| CVE-2020-6489 | high | — | 8.0 | — | Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potent… | |||
| CVE-2020-28019 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a clien… | |||
| CVE-2020-6496 | high | — | 8.0 | — | Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-15964 | high | — | 8.0 | — | Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-14303 | high | — | 8.0 | — | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | |||
| CVE-2020-13904 | high | — | 8.0 | — | FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_inp… | |||
| CVE-2020-6505 | high | — | 8.0 | — | Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-6495 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox es… | |||
| CVE-2020-6425 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted … | |||
| CVE-2020-6426 | high | — | 8.0 | — | Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6427 | high | — | 8.0 | — | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-35176 | high | — | 8.0 | — | In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… | |||
| CVE-2020-6446 | high | — | 8.0 | — | Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2020-16015 | high | — | 8.0 | — | Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-25829 | high | — | 8.0 | — | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… | |||
| CVE-2020-6456 | high | — | 8.0 | — | Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. | |||
| CVE-2020-6455 | high | — | 8.0 | — | Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6444 | high | — | 8.0 | — | Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6441 | high | — | 8.0 | — | Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | |||
| CVE-2020-6438 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive informat… | |||
| CVE-2020-6437 | high | — | 8.0 | — | Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. | |||
| CVE-2020-6422 | high | — | 8.0 | — | Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6429 | high | — | 8.0 | — | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6436 | high | — | 8.0 | — | Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6440 | high | — | 8.0 | — | Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information… | |||
| CVE-2020-6439 | high | — | 8.0 | — | Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | |||
| CVE-2020-6445 | high | — | 8.0 | — | Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2020-6449 | high | — | 8.0 | — | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6451 | high | — | 8.0 | — | Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6452 | high | — | 8.0 | — | Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6458 | high | — | 8.0 | — | Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||
| CVE-2020-6509 | high | — | 8.0 | — | Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Ch… | |||
| CVE-2020-26262 | high | — | 8.0 | — | Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.… | |||
| CVE-2020-6407 | high | — | 8.0 | — | Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6468 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-15962 | high | — | 8.0 | — | Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2020-6484 | high | — | 8.0 | — | Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. | |||
| CVE-2020-6476 | high | — | 8.0 | — | Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c… | |||
| CVE-2020-16039 | high | — | 8.0 | — | Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-16037 | high | — | 8.0 | — | Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6488 | high | — | 8.0 | — | Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2020-6576 | high | — | 8.0 | — | Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6573 | high | — | 8.0 | — | Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… | |||
| CVE-2020-4031 | high | — | 8.0 | — | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | |||
| CVE-2020-35701 | high | — | 8.0 | — | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id paramete… | |||
| CVE-2020-12408 | high | — | 8.0 | — | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | |||
| CVE-2020-16041 | high | — | 8.0 | — | Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process mem… | |||
| CVE-2020-6454 | high | — | 8.0 | — | Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chro… | |||
| CVE-2020-28024 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can … | |||
| CVE-2020-6424 | high | — | 8.0 | — | Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-13871 | high | — | 8.0 | — | arbitrary code execution in sqlite | |||
| CVE-2020-3123 | high | — | 8.0 | — | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … | |||
| CVE-2020-15888 | high | — | 8.0 | — | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. | |||
| CVE-2020-16014 | high | — | 8.0 | — | Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-16027 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive inf… | |||
| CVE-2020-16028 | high | — | 8.0 | — | Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-16029 | high | — | 8.0 | — | Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. | |||
| CVE-2020-6447 | high | — | 8.0 | — | Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via … | |||
| CVE-2020-6450 | high | — | 8.0 | — | Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6464 | high | — | 8.0 | — | Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-1716 | high | — | 8.0 | — | Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update | |||
| CVE-2020-15960 | high | — | 8.0 | — | Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2020-15961 | high | — | 8.0 | — | Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape … | |||
| CVE-2020-12407 | high | — | 8.0 | — | Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the u… | |||
| CVE-2020-12409 | high | — | 8.0 | — | When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | |||
| CVE-2020-12411 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |||
| CVE-2020-15963 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape… | |||
| CVE-2020-16023 | high | — | 8.0 | — | Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-16021 | high | — | 8.0 | — | Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file. | |||
| CVE-2020-15675 | high | — | 8.0 | — | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | |||
| CVE-2020-15674 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |||
| CVE-2020-35114 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… |