CVEs from 2020
Total
3,802
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6484 | high | — | 8.0 | — | Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. | |||
| CVE-2020-6472 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive inf… | |||
| CVE-2020-6471 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox es… | |||
| CVE-2020-6468 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6467 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-14387 | high | — | 8.0 | — | A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing… | |||
| CVE-2020-15166 | high | — | 8.0 | — | In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con… | |||
| CVE-2020-35733 | high | — | 8.0 | — | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | |||
| CVE-2020-6464 | high | — | 8.0 | — | Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6475 | high | — | 8.0 | — | Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||
| CVE-2020-6490 | high | — | 8.0 | — | Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. | |||
| CVE-2020-27187 | high | — | 8.0 | — | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … | |||
| CVE-2020-1716 | high | — | 8.0 | — | Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update | |||
| CVE-2020-35114 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |||
| CVE-2020-15655 | high | — | 8.0 | — | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affe… | |||
| CVE-2020-26972 | high | — | 8.0 | — | The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check w… | |||
| CVE-2020-26555 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2020-22219 | high | — | 8.0 | 3y ago | RHSA-2023:5046: flac security update (Important) | |||
| CVE-2020-28915 | high | — | 8.0 | 4y ago | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | |||
| CVE-2020-27838 | high | — | 8.0 | 4y ago | Keycloak discloses information without authentication | |||
| CVE-2020-1045 | high | — | 8.0 | 4y ago | RHSA-2020:3699: .NET Core 3.1 security and bugfix update (Important) | |||
| CVE-2020-1597 | high | — | 8.0 | 4y ago | RHSA-2020:3422: .NET Core 3.1 security and bugfix update (Important) | |||
| CVE-2020-1161 | high | — | 8.0 | 4y ago | RHSA-2020:2250: dotnet3.1 security update (Important) | |||
| CVE-2020-1108 | high | — | 8.0 | 4y ago | RHSA-2020:2471: .NET Core on Red Hat Enterprise Linux 8 security update (Important) | |||
| CVE-2020-7613 | high | — | 8.0 | 4y ago | Clamscan vulnerable to command injection | |||
| CVE-2020-5311 | high | — | 8.0 | 4y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2020-13974 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th… | |||
| CVE-2020-0404 | high | — | 8.0 | 4y ago | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e… | |||
| CVE-2020-27820 | high | — | 8.0 | 4y ago | A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o… | |||
| CVE-2020-4788 | high | — | 8.0 | 4y ago | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | |||
| CVE-2020-10734 | high | — | 8.0 | 4y ago | OIDC Logout redirect in keycloak | |||
| CVE-2020-13692 | high | — | 8.0 | 4y ago | RHSA-2020:3176: postgresql-jdbc security update (Important) | |||
| CVE-2020-1717 | high | — | 8.0 | 4y ago | Generation of Error Message Containing Sensitive Information in Keycloak | |||
| CVE-2020-1725 | high | — | 8.0 | 4y ago | Incorrect Authorization in keycloak | |||
| CVE-2020-1714 | high | — | 8.0 | 4y ago | Improper Input Validation in Keycloak | |||
| CVE-2020-14359 | high | — | 8.0 | 4y ago | Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers | |||
| CVE-2020-13935 | high | — | 8.0 | 4y ago | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could t… | |||
| CVE-2020-13934 | high | — | 8.0 | 4y ago | An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of … | |||
| CVE-2020-5312 | high | — | 8.0 | 5y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2020-1472 | medium | — | 8.0 | 5y ago | Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An at… | |||
| CVE-2020-36385 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… | |||
| CVE-2020-13675 | high | — | 8.0 | 5y ago | Unrestricted Upload of File with Dangerous Type in Drupal core | |||
| CVE-2020-13673 | high | — | 8.0 | 5y ago | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… | |||
| CVE-2020-13677 | high | — | 8.0 | 5y ago | Drupal core access bypass vulnerability | |||
| CVE-2020-13676 | high | — | 8.0 | 5y ago | Incorrect Authorization in Drupal core | |||
| CVE-2020-13674 | high | — | 8.0 | 5y ago | Cross-Site Request Forgery in Drupal core | |||
| CVE-2020-26265 | high | — | 8.0 | 5y ago | Consensus flaw in github.com/ethereum/go-ethereum | |||
| CVE-2020-26541 | high | — | 8.0 | 5y ago | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | |||
| CVE-2020-24513 | high | — | 8.0 | 5y ago | RHSA-2021:2308: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-24512 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-24489 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-24511 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-36329 | high | — | 8.0 | 5y ago | RHSA-2021:2354: libwebp security update (Important) | |||
| CVE-2020-36328 | high | — | 8.0 | 5y ago | RHSA-2021:2354: libwebp security update (Important) | |||
| CVE-2020-15257 | high | — | 8.0 | 5y ago | containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed t… | |||
| CVE-2020-10696 | high | — | 8.0 | 5y ago | RHSA-2020:1932: container-tools:rhel8 security update (Important) | |||
| CVE-2020-25097 | high | — | 8.0 | 5y ago | RHSA-2021:1979: squid:4 security update (Important) | |||
| CVE-2020-24394 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs be… | |||
| CVE-2020-14314 | high | — | 8.0 | 5y ago | A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to… | |||
| CVE-2020-15437 | high | — | 8.0 | 5y ago | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service… | |||
| CVE-2020-28974 | high | — | 8.0 | 5y ago | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs … | |||
| CVE-2020-12464 | high | — | 8.0 | 5y ago | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | |||
| CVE-2020-25284 | high | — | 8.0 | 5y ago | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map … | |||
| CVE-2020-27835 | high | — | 8.0 | 5y ago | A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash… | |||
| CVE-2020-12114 | high | — | 8.0 | 5y ago | A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to … | |||
| CVE-2020-27786 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.… | |||
| CVE-2020-12362 | high | — | 8.0 | 5y ago | Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a… | |||
| CVE-2020-12363 | high | — | 8.0 | 5y ago | Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial o… | |||
| CVE-2020-11608 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin… | |||
| CVE-2020-25285 | high | — | 8.0 | 5y ago | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly hav… | |||
| CVE-2020-12364 | high | — | 8.0 | 5y ago | Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a den… | |||
| CVE-2020-25212 | high | — | 8.0 | 5y ago | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf… | |||
| CVE-2020-25643 | high | — | 8.0 | 5y ago | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function wh… | |||
| CVE-2020-25704 | high | — | 8.0 | 5y ago | A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denia… | |||
| CVE-2020-35508 | high | — | 8.0 | 5y ago | A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local… | |||
| CVE-2020-36322 | high | — | 8.0 | 5y ago | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a … | |||
| CVE-2020-0431 | high | — | 8.0 | 5y ago | In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U… | |||
| CVE-2020-14356 | high | — | 8.0 | 5y ago | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or e… | |||
| CVE-2020-36557 | high | — | 8.0 | 5y ago | A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. | |||
| CVE-2020-25645 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by … | |||
| CVE-2020-36694 | high | — | 8.0 | 5y ago | An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurren… | |||
| CVE-2020-28052 | high | — | 8.0 | 5y ago | Logic error in Legion of the Bouncy Castle BC Java | |||
| CVE-2020-28468 | high | — | 8.0 | 5y ago | This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code ex… | |||
| CVE-2020-28362 | high | — | 8.0 | 5y ago | RHSA-2021:0706: container-tools:2.0 security update (Important) | |||
| CVE-2020-27152 | high | — | 8.0 | 5y ago | An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge trigg… | |||
| CVE-2020-0466 | high | — | 8.0 | 5y ago | In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privilege… | |||
| CVE-2020-35517 | high | — | 8.0 | 5y ago | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared di… | |||
| CVE-2020-8625 | high | — | 8.0 | 5y ago | RHSA-2021:0670: bind security update (Important) | |||
| CVE-2020-8696 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-29661 | high | — | 8.0 | 5y ago | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | |||
| CVE-2020-14351 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly esca… | |||
| CVE-2020-25705 | high | — | 8.0 | 5y ago | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Soft… | |||
| CVE-2020-17525 | high | — | 8.0 | 5y ago | RHSA-2021:0507: subversion:1.10 security update (Important) | |||
| CVE-2020-15685 | high | — | 8.0 | 5y ago | multiple issues in thunderbird | |||
| CVE-2020-26976 | high | — | 8.0 | 5y ago | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … | |||
| CVE-2020-25681 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25686 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25683 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25687 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25685 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq |