CVEs from 2020
Total: 3,809
critical: 206
high: 563
medium: 743
low: 59
% Critical: 5.4%
% with KEV: 3.8%
% with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13434 | medium | — | 5.5 | 5y ago | RHSA-2021:1968: mingw packages security and bug fix update (Moderate) | |||
| CVE-2020-13631 | medium | — | 5.5 | 5y ago | RHSA-2021:1968: mingw packages security and bug fix update (Moderate) | |||
| CVE-2020-25275 | medium | — | 5.5 | 5y ago | Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. | |||
| CVE-2020-24386 | medium | — | 5.5 | 5y ago | An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email m… | |||
| CVE-2020-27778 | medium | — | 5.5 | 5y ago | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' … | |||
| CVE-2020-26116 | medium | — | 5.5 | 5y ago | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by ins… | |||
| CVE-2020-16308 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16305 | medium | — | 5.5 | 5y ago | RHSA-2023:7053: ghostscript security and bug fix update (Moderate) | |||
| CVE-2020-14373 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16287 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16288 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16289 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16290 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16291 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16298 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16300 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16292 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16293 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16294 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16296 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16295 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16297 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16299 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16301 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16303 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16302 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16304 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16306 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16307 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16309 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-16310 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-17538 | medium | — | 5.5 | 5y ago | RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11098 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11097 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11095 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-4033 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11096 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15103 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-4030 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11099 | medium | — | 5.5 | 5y ago | RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25713 | medium | — | 5.5 | 5y ago | A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. | |||
| CVE-2020-14397 | medium | — | 5.5 | 5y ago | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | |||
| CVE-2020-25708 | medium | — | 5.5 | 5y ago | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a fl… | |||
| CVE-2020-14405 | medium | — | 5.5 | 5y ago | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | |||
| CVE-2020-11993 | medium | — | 5.5 | 5y ago | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing con… | |||
| CVE-2020-11984 | medium | — | 5.5 | 5y ago | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | |||
| CVE-2020-14344 | medium | — | 5.5 | 5y ago | RHSA-2021:1804: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14345 | medium | — | 5.5 | 5y ago | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerab… | |||
| CVE-2020-14346 | medium | — | 5.5 | 5y ago | A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat … | |||
| CVE-2020-14361 | medium | — | 5.5 | 5y ago | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vul… | |||
| CVE-2020-14347 | medium | — | 5.5 | 5y ago | A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could r… | |||
| CVE-2020-14363 | medium | — | 5.5 | 5y ago | RHSA-2021:1804: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14362 | medium | — | 5.5 | 5y ago | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vul… | |||
| CVE-2020-14360 | medium | — | 5.5 | 5y ago | A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerabi… | |||
| CVE-2020-25712 | medium | — | 5.5 | 5y ago | A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data … | |||
| CVE-2020-25652 | medium | — | 5.5 | 5y ago | A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any … | |||
| CVE-2020-25651 | medium | — | 5.5 | 5y ago | A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active fil… | |||
| CVE-2020-25650 | medium | — | 5.5 | 5y ago | A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path … | |||
| CVE-2020-25653 | medium | — | 5.5 | 5y ago | A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice… | |||
| CVE-2020-12695 | medium | — | 5.5 | 5y ago | RHSA-2021:1789: gssdp and gupnp security update (Moderate) | |||
| CVE-2020-25637 | medium | — | 5.5 | 5y ago | RHSA-2021:1762: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-29129 | medium | — | 5.5 | 5y ago | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | |||
| CVE-2020-29130 | medium | — | 5.5 | 5y ago | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | |||
| CVE-2020-11947 | medium | — | 5.5 | 5y ago | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | |||
| CVE-2020-16092 | medium | — | 5.5 | 5y ago | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw t… | |||
| CVE-2020-29443 | medium | — | 5.5 | 5y ago | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | |||
| CVE-2020-28916 | medium | — | 5.5 | 5y ago | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | |||
| CVE-2020-25723 | medium | — | 5.5 | 5y ago | A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged us… | |||
| CVE-2020-27821 | medium | — | 5.5 | 5y ago | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MM… | |||
| CVE-2020-25707 | medium | — | 5.5 | 5y ago | RHSA-2021:1762: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-17507 | medium | — | 5.5 | 5y ago | RHSA-2021:1756: qt5-qtbase security and bug fix update (Moderate) | |||
| CVE-2020-12867 | medium | — | 5.5 | 5y ago | RHSA-2021:1744: sane-backends security update (Moderate) | |||
| CVE-2020-27749 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-25632 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-27779 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-14372 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-25647 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2020-14323 | medium | — | 5.5 | 5y ago | RHSA-2021:1647: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14318 | medium | — | 5.5 | 5y ago | RHSA-2021:1647: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24332 | medium | — | 5.5 | 5y ago | RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24330 | medium | — | 5.5 | 5y ago | RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24331 | medium | — | 5.5 | 5y ago | RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-29363 | medium | — | 5.5 | 5y ago | RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-29361 | medium | — | 5.5 | 5y ago | RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-29362 | medium | — | 5.5 | 5y ago | RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-26570 | medium | — | 5.5 | 5y ago | RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-26571 | medium | — | 5.5 | 5y ago | RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-26572 | medium | — | 5.5 | 5y ago | RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-27153 | medium | — | 5.5 | 5y ago | RHSA-2021:1598: bluez security update (Moderate) | |||
| CVE-2020-16125 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-9983 | medium | — | 5.5 | 5y ago | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. | |||
| CVE-2020-13584 | medium | — | 5.5 | 5y ago | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code executio… | |||
| CVE-2020-9951 | medium | — | 5.5 | 5y ago | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2020-9948 | medium | — | 5.5 | 5y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2020-13543 | medium | — | 5.5 | 5y ago | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code … | |||
| CVE-2020-27618 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8286 | medium | — | 5.5 | 5y ago | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | |||
| CVE-2020-13776 | medium | — | 5.5 | 5y ago | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user acc… | |||
| CVE-2020-8285 | medium | — | 5.5 | 5y ago | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | |||
| CVE-2020-15011 | medium | — | 5.5 | 5y ago | RHSA-2021:1751: mailman:2.1 security update (Moderate) |