CVEs from 2020
Total
3,802
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13871 | high | — | 8.0 | — | arbitrary code execution in sqlite | |||
| CVE-2020-15953 | high | — | 8.0 | — | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… | |||
| CVE-2020-35733 | high | — | 8.0 | — | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | |||
| CVE-2020-15166 | high | — | 8.0 | — | In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con… | |||
| CVE-2020-14387 | high | — | 8.0 | — | A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing… | |||
| CVE-2020-6468 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6471 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox es… | |||
| CVE-2020-6472 | high | — | 8.0 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive inf… | |||
| CVE-2020-15964 | high | — | 8.0 | — | Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6407 | high | — | 8.0 | — | Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-26262 | high | — | 8.0 | — | Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.… | |||
| CVE-2020-8835 | high | — | 8.0 | — | In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel … | |||
| CVE-2020-6434 | high | — | 8.0 | — | Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6455 | high | — | 8.0 | — | Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-13904 | high | — | 8.0 | — | FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_inp… | |||
| CVE-2020-15960 | high | — | 8.0 | — | Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2020-26555 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2020-22219 | high | — | 8.0 | 3y ago | RHSA-2023:5046: flac security update (Important) | |||
| CVE-2020-28915 | high | — | 8.0 | 4y ago | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | |||
| CVE-2020-27838 | high | — | 8.0 | 4y ago | Keycloak discloses information without authentication | |||
| CVE-2020-1045 | high | — | 8.0 | 4y ago | RHSA-2020:3699: .NET Core 3.1 security and bugfix update (Important) | |||
| CVE-2020-1597 | high | — | 8.0 | 4y ago | RHSA-2020:3422: .NET Core 3.1 security and bugfix update (Important) | |||
| CVE-2020-1161 | high | — | 8.0 | 4y ago | RHSA-2020:2250: dotnet3.1 security update (Important) | |||
| CVE-2020-1108 | high | — | 8.0 | 4y ago | RHSA-2020:2471: .NET Core on Red Hat Enterprise Linux 8 security update (Important) | |||
| CVE-2020-7613 | high | — | 8.0 | 4y ago | Clamscan vulnerable to command injection | |||
| CVE-2020-5311 | high | — | 8.0 | 4y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2020-13974 | high | — | 8.0 | 4y ago | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th… | |||
| CVE-2020-27820 | high | — | 8.0 | 4y ago | A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o… | |||
| CVE-2020-0404 | high | — | 8.0 | 4y ago | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e… | |||
| CVE-2020-4788 | high | — | 8.0 | 4y ago | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | |||
| CVE-2020-10734 | high | — | 8.0 | 4y ago | OIDC Logout redirect in keycloak | |||
| CVE-2020-13692 | high | — | 8.0 | 4y ago | RHSA-2020:3176: postgresql-jdbc security update (Important) | |||
| CVE-2020-1717 | high | — | 8.0 | 4y ago | Generation of Error Message Containing Sensitive Information in Keycloak | |||
| CVE-2020-1725 | high | — | 8.0 | 4y ago | Incorrect Authorization in keycloak | |||
| CVE-2020-1714 | high | — | 8.0 | 4y ago | Improper Input Validation in Keycloak | |||
| CVE-2020-14359 | high | — | 8.0 | 4y ago | Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers | |||
| CVE-2020-13935 | high | — | 8.0 | 4y ago | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could t… | |||
| CVE-2020-13934 | high | — | 8.0 | 4y ago | An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of … | |||
| CVE-2020-5312 | high | — | 8.0 | 5y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2020-1472 | medium | — | 8.0 | 5y ago | Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An at… | |||
| CVE-2020-36385 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… | |||
| CVE-2020-13675 | high | — | 8.0 | 5y ago | Unrestricted Upload of File with Dangerous Type in Drupal core | |||
| CVE-2020-13673 | high | — | 8.0 | 5y ago | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… | |||
| CVE-2020-13677 | high | — | 8.0 | 5y ago | Drupal core access bypass vulnerability | |||
| CVE-2020-13676 | high | — | 8.0 | 5y ago | Incorrect Authorization in Drupal core | |||
| CVE-2020-13674 | high | — | 8.0 | 5y ago | Cross-Site Request Forgery in Drupal core | |||
| CVE-2020-26265 | high | — | 8.0 | 5y ago | Consensus flaw in github.com/ethereum/go-ethereum | |||
| CVE-2020-26541 | high | — | 8.0 | 5y ago | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | |||
| CVE-2020-24512 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-24511 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-24513 | high | — | 8.0 | 5y ago | RHSA-2021:2308: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-36328 | high | — | 8.0 | 5y ago | RHSA-2021:2354: libwebp security update (Important) | |||
| CVE-2020-36329 | high | — | 8.0 | 5y ago | RHSA-2021:2354: libwebp security update (Important) | |||
| CVE-2020-24489 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-15257 | high | — | 8.0 | 5y ago | containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed t… | |||
| CVE-2020-10696 | high | — | 8.0 | 5y ago | RHSA-2020:1932: container-tools:rhel8 security update (Important) | |||
| CVE-2020-25097 | high | — | 8.0 | 5y ago | RHSA-2021:1979: squid:4 security update (Important) | |||
| CVE-2020-25643 | high | — | 8.0 | 5y ago | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function wh… | |||
| CVE-2020-12464 | high | — | 8.0 | 5y ago | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | |||
| CVE-2020-14314 | high | — | 8.0 | 5y ago | A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to… | |||
| CVE-2020-12363 | high | — | 8.0 | 5y ago | Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial o… | |||
| CVE-2020-15437 | high | — | 8.0 | 5y ago | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service… | |||
| CVE-2020-24394 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs be… | |||
| CVE-2020-0431 | high | — | 8.0 | 5y ago | In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U… | |||
| CVE-2020-25704 | high | — | 8.0 | 5y ago | A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denia… | |||
| CVE-2020-36322 | high | — | 8.0 | 5y ago | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a … | |||
| CVE-2020-14356 | high | — | 8.0 | 5y ago | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or e… | |||
| CVE-2020-12364 | high | — | 8.0 | 5y ago | Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a den… | |||
| CVE-2020-12362 | high | — | 8.0 | 5y ago | Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a… | |||
| CVE-2020-12114 | high | — | 8.0 | 5y ago | A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to … | |||
| CVE-2020-28974 | high | — | 8.0 | 5y ago | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs … | |||
| CVE-2020-35508 | high | — | 8.0 | 5y ago | A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local… | |||
| CVE-2020-25285 | high | — | 8.0 | 5y ago | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly hav… | |||
| CVE-2020-11608 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin… | |||
| CVE-2020-27835 | high | — | 8.0 | 5y ago | A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash… | |||
| CVE-2020-25284 | high | — | 8.0 | 5y ago | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map … | |||
| CVE-2020-25212 | high | — | 8.0 | 5y ago | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf… | |||
| CVE-2020-27786 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.… | |||
| CVE-2020-25645 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by … | |||
| CVE-2020-36557 | high | — | 8.0 | 5y ago | A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. | |||
| CVE-2020-36694 | high | — | 8.0 | 5y ago | An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurren… | |||
| CVE-2020-28052 | high | — | 8.0 | 5y ago | Logic error in Legion of the Bouncy Castle BC Java | |||
| CVE-2020-28468 | high | — | 8.0 | 5y ago | This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code ex… | |||
| CVE-2020-28362 | high | — | 8.0 | 5y ago | RHSA-2021:0706: container-tools:2.0 security update (Important) | |||
| CVE-2020-27152 | high | — | 8.0 | 5y ago | An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge trigg… | |||
| CVE-2020-0466 | high | — | 8.0 | 5y ago | In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privilege… | |||
| CVE-2020-35517 | high | — | 8.0 | 5y ago | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared di… | |||
| CVE-2020-8625 | high | — | 8.0 | 5y ago | RHSA-2021:0670: bind security update (Important) | |||
| CVE-2020-8696 | high | — | 8.0 | 5y ago | RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | |||
| CVE-2020-14351 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly esca… | |||
| CVE-2020-25705 | high | — | 8.0 | 5y ago | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Soft… | |||
| CVE-2020-29661 | high | — | 8.0 | 5y ago | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | |||
| CVE-2020-17525 | high | — | 8.0 | 5y ago | RHSA-2021:0507: subversion:1.10 security update (Important) | |||
| CVE-2020-15685 | high | — | 8.0 | 5y ago | multiple issues in thunderbird | |||
| CVE-2020-26976 | high | — | 8.0 | 5y ago | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … | |||
| CVE-2020-25684 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25686 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25682 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25685 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq | |||
| CVE-2020-25687 | high | — | 8.0 | 5y ago | multiple issues in dnsmasq |