CVEs from 2020
Total: 3,794
- critical: 206
- high: 563
- medium: 744
- low: 60
- % Critical: 5.4%
- % with KEV: 3.8%
- % with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36450 | unknown | — | — | | | | 6y ago | Bunch<T> unconditionally implements Send/Sync |
| CVE-2020-25074 | unknown | — | — | | | | 6y ago | The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve re… |
| CVE-2020-15275 | unknown | — | — | | | | 6y ago | MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript will be executed in a user'… |
| CVE-2020-28247 | unknown | — | — | | | | 6y ago | Argument injection in sendmail transport |
| CVE-2020-36217 | unknown | — | — | | | | 6y ago | may_queue's Queue lacks Send/Sync bound for its Send/Sync trait. |
| CVE-2020-36440 | unknown | — | — | | | | 6y ago | `Decoder<R>` can carry `R: !Send` to other threads |
| CVE-2020-36209 | unknown | — | — | | | | 6y ago | LateStatic has incorrect Sync bound |
| CVE-2020-36441 | unknown | — | — | | | | 6y ago | AtomicBox<T> implements Send/Sync for any `T: Sized` |
| CVE-2020-36460 | unknown | — | — | | | | 6y ago | `Shared` can cause a data race |
| CVE-2020-36458 | unknown | — | — | | | | 6y ago | ReaderResult should be bounded by Sync |
| CVE-2020-36457 | unknown | — | — | | | | 6y ago | AtomicBox<T> lacks bound on its Send and Sync traits allowing data races |
| CVE-2020-36215 | unknown | — | — | | | | 6y ago | hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait. |
| CVE-2020-7764 | unknown | — | — | | | | 6y ago | Web Cache Poisoning in find-my-way |
| CVE-2020-36204 | unknown | — | — | | | | 6y ago | TreeFocus lacks bounds on its Send and Sync traits |
| CVE-2020-35913 | unknown | — | — | | | | 6y ago | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. |
| CVE-2020-35909 | unknown | — | — | | | | 6y ago | Unexpected panic in multihash `from_slice` parsing code |
| CVE-2020-35911 | unknown | — | — | | | | 6y ago | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness. |
| CVE-2020-35912 | unknown | — | — | | | | 6y ago | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness. |
| CVE-2020-35914 | unknown | — | — | | | | 6y ago | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. |
| CVE-2020-35910 | unknown | — | — | | | | 6y ago | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. |
| CVE-2020-35919 | unknown | — | — | | | | 6y ago | An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. |
| CVE-2020-35920 | unknown | — | — | | | | 6y ago | An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. |
| CVE-2020-7763 | unknown | — | — | | | | 6y ago | Arbitrary File Read in phantom-html-to-pdf |
| CVE-2020-26214 | unknown | — | — | | | | 6y ago | In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when the Alerta server is configured to use LDAP as the authorization provider. Only deplo… |
| CVE-2020-15273 | unknown | — | — | | | | 6y ago | Edit feed settings and others, Cross Site Scripting (XSS) Vulnerability in Latest Release 4.4.0 |
| CVE-2020-27216 | unknown | — | — | | | | 6y ago | Local Temp Directory Hijacking Vulnerability |
| CVE-2020-15240 | unknown | — | — | | | | 6y ago | omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can al… |
| CVE-2020-36464 | unknown | — | — | | | | 6y ago | Use-after-free when cloning a partially consumed `Vec` iterator |
| CVE-2020-35922 | unknown | — | — | | | | 6y ago | An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. |
| CVE-2020-35915 | unknown | — | — | | | | 6y ago | GenericMutexGuard allows data races of non-Sync types across threads |
| CVE-2020-36219 | unknown | — | — | | | | 6y ago | AtomicOption should have Send + Sync bound on its type argument. |
| CVE-2020-15276 | unknown | — | — | | | | 6y ago | Blog comment posting, Cross Site Scripting (XSS) Vulnerability in Latest Release 4.4.0 |
| CVE-2020-15244 | unknown | — | — | | | | 6y ago | RCE via PHP Object injection via SOAP Requests |
| CVE-2020-15277 | unknown | — | — | | | | 6y ago | Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 |
| CVE-2020-27666 | unknown | — | — | | | | 6y ago | Cross-site Scripting in Strapi |
| CVE-2020-27665 | unknown | — | — | | | | 6y ago | Improper Authorization in Strapi |
| CVE-2020-36442 | unknown | — | — | | | | 6y ago | beef::Cow lacks a Sync bound on its Send trait allowing for data races |
| CVE-2020-26300 | unknown | — | — | | | | 6y ago | systeminformation is an npm package that provides a system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fix… |
| CVE-2020-15278 | unknown | — | — | | | | 6y ago | Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hiera… |
| CVE-2020-7752 | unknown | — | — | | | | 6y ago | This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execu… |
| CVE-2020-15270 | unknown | — | — | | | | 6y ago | receiving subscription objects with deleted session |
| CVE-2020-15271 | unknown | — | — | | | | 6y ago | In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown … |
| CVE-2020-26943 | unknown | — | — | | | | 6y ago | An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the us… |
| CVE-2020-35905 | unknown | — | — | | | | 6y ago | MutexGuard::map can cause a data race in safe code |
| CVE-2020-15269 | unknown | — | — | | | | 6y ago | Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls |
| CVE-2020-7670 | unknown | — | — | | | | 6y ago | HTTP Request Smuggling in Agoo |
| CVE-2020-15256 | unknown | — | — | | | | 6y ago | A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is u… |
| CVE-2020-15245 | unknown | — | — | | | | 6y ago | Ability to switch customer email address on account detail page and stay verified |
| CVE-2020-15263 | unknown | — | — | | | | 6y ago | Inline attribute values were not processed. |
| CVE-2020-15262 | unknown | — | — | | | | 6y ago | Unprotected dynamically loaded chunks |
| CVE-2020-8929 | unknown | — | — | | | | 6y ago | Ciphertext Malleability Issue in Tink Java |
| CVE-2020-15252 | unknown | — | — | | | | 6y ago | RCE in XWiki |
| CVE-2020-15251 | unknown | — | — | | | | 6y ago | In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled… |
| CVE-2020-15250 | unknown | — | — | | | | 6y ago | In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared bet… |
| CVE-2020-26149 | unknown | — | — | | | | 6y ago | Sensitive data exposure in NATS |
| CVE-2020-15241 | unknown | — | — | | | | 6y ago | Cross-Site Scripting in ternary conditional operator |
| CVE-2020-15242 | unknown | — | — | | | | 6y ago | Open Redirect in Next.js versions |
| CVE-2020-8264 | unknown | — | — | | | | 6y ago | In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode, allowing an attacker to send or embed (in another page) a specially crafted URL whic… |
| CVE-2020-15239 | unknown | — | — | | | | 6y ago | In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This … |
| CVE-2020-15215 | unknown | — | — | | | | 6y ago | Context isolation bypass in Electron |
| CVE-2020-15174 | unknown | — | — | | | | 6y ago | Unpreventable top-level navigation |
| CVE-2020-15237 | unknown | — | — | | | | 6y ago | Possible timing attack in derivation_endpoint |
| CVE-2020-15170 | unknown | — | — | | | | 6y ago | Potential access control security issue in apollo-adminservice |
| CVE-2020-15227 | unknown | — | — | | | | 6y ago | Potential Remote Code Execution vulnerability |
| CVE-2020-24807 | unknown | — | — | | | | 6y ago | File restriction bypass in socket.io-file |
| CVE-2020-15228 | unknown | — | — | | | | 6y ago | Environment Variable Injection in GitHub Actions |
| CVE-2020-15225 | unknown | — | — | | | | 6y ago | django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was lat… |
| CVE-2020-35903 | unknown | — | — | | | | 6y ago | VecCopy allows misaligned access to elements |
| CVE-2020-35900 | unknown | — | — | | | | 6y ago | array_queue pop_back() may cause a use-after-free |
| CVE-2020-15212 | unknown | — | — | | | | 6y ago | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. U… |
| CVE-2020-15214 | unknown | — | — | | | | 6y ago | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger an out-of-bounds write / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids a… |
| CVE-2020-15213 | unknown | — | — | | | | 6y ago | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code us… |
| CVE-2020-15210 | unknown | — | — | | | | 6y ago | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can… |
| CVE-2020-15211 | unknown | — | — | | | | 6y ago | In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set o… |
| CVE-2020-15209 | unknown | — | — | | | | 6y ago | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by chang… |
| CVE-2020-15208 | unknown | — | — | | | | 6y ago | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is a no-op outside of debug compilation… |
| CVE-2020-15207 | unknown | — | — | | | | 6y ago | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. Ho… |
| CVE-2020-15204 | unknown | — | — | | | | 6y ago | In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results… |
| CVE-2020-15206 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corrup… |
| CVE-2020-15205 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap ov… |
| CVE-2020-15203 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability … |
| CVE-2020-15202 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However… |
| CVE-2020-15201 | unknown | — | — | | | | 6y ago | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the … |
| CVE-2020-15200 | unknown | — | — | | | | 6y ago | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the … |
| CVE-2020-15197 | unknown | — | — | | | | 6y ago | In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the … |
| CVE-2020-15195 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an… |
| CVE-2020-15193 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 gl… |
| CVE-2020-15191 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` v… |
| CVE-2020-15199 | unknown | — | — | | | | 6y ago | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor… |
| CVE-2020-15198 | unknown | — | — | | | | 6y ago | In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the … |
| CVE-2020-15196 | unknown | — | — | | | | 6y ago | In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for … |
| CVE-2020-15194 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map… |
| CVE-2020-15192 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `… |
| CVE-2020-15190 | unknown | — | — | | | | 6y ago | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, o… |
| CVE-2020-35896 | unknown | — | — | | | | 6y ago | Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory |
| CVE-2020-25768 | unknown | — | — | | | | 6y ago | Contao Insert tag injection in forms |
| CVE-2020-35895 | unknown | — | — | | | | 6y ago | Missing check in ArrayVec leads to out-of-bounds write. |
| CVE-2020-35897 | unknown | — | — | | | | 6y ago | Unsafe Send implementation in Atom allows data races |
| CVE-2020-25489 | unknown | — | — | | | | 6y ago | A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. |
| CVE-2020-25739 | unknown | — | — | | | | 6y ago | An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in go… |