CVEs from 2020

Total: 3,802
- critical: 206
- high: 563
- medium: 743
- low: 59

% Critical: 5.4%
% with KEV: 3.8%
% with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-2800 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) |
| CVE-2020-2781 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) |
| CVE-2020-2757 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) |
| CVE-2020-2756 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) |
| CVE-2020-2778 | high | — | 8.0 | 6y ago | RHSA-2020:1514: java-11-openjdk security update (Important) |
| CVE-2020-2767 | high | — | 8.0 | 6y ago | RHSA-2020:1514: java-11-openjdk security update (Important) |
| CVE-2020-2755 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) |
| CVE-2020-2754 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) |
| CVE-2020-6822 | high | — | 8.0 | 6y ago | On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in `GMPDecodeData`. It is possible that with enough effort this could have been explo… |
| CVE-2020-7039 | high | — | 8.0 | 6y ago | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds a… |
| CVE-2020-1711 | high | — | 8.0 | 6y ago | An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a… |
| CVE-2020-8608 | high | — | 8.0 | 6y ago | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. |
| CVE-2020-10188 | high | — | 8.0 | 6y ago | RHSA-2020:1318: telnet security update (Important) |
| CVE-2020-7598 | high | — | 8.0 | 6y ago | RHSA-2020:2852: nodejs:12 security update (Important) |
| CVE-2020-5313 | high | — | 8.0 | 6y ago | RHSA-2020:3185: python-pillow security update (Important) |
| CVE-2020-5208 | high | — | 8.0 | 6y ago | RHSA-2020:0981: ipmitool security update (Important) |
| CVE-2020-10531 | high | — | 8.0 | 6y ago | RHSA-2020:1317: nodejs:10 security update (Important) |
| CVE-2020-8597 | high | — | 8.0 | 6y ago | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. |
| CVE-2020-1712 | high | — | 8.0 | 6y ago | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse… |
| CVE-2020-8112 | high | — | 8.0 | 6y ago | RHSA-2020:0570: openjpeg2 security update (Important) |
| CVE-2020-6851 | high | — | 8.0 | 6y ago | RHSA-2020:0274: openjpeg2 security update (Important) |
| CVE-2020-2659 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) |
| CVE-2020-2590 | high | — | 8.0 | 7y ago | RHSA-2020:3386: java-1.8.0-ibm security update (Important) |
| CVE-2020-2601 | high | — | 8.0 | 7y ago | RHSA-2020:3386: java-1.8.0-ibm security update (Important) |
| CVE-2020-2583 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) |
| CVE-2020-2593 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) |
| CVE-2020-2604 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) |
| CVE-2020-2654 | high | — | 8.0 | 7y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) |
| CVE-2020-2655 | high | — | 8.0 | 7y ago | RHSA-2020:0128: java-11-openjdk security update (Important) |
| CVE-2020-10720 | high | — | 8.0 | 7y ago | A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. |
| CVE-2020-37247 | high | 7.8 | 7.8 | 20d ago | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers … |
| CVE-2020-37232 | high | 7.8 | 7.8 | 20d ago | Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Atta… |
| CVE-2020-37231 | high | 7.8 | 7.8 | 20d ago | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta… |
| CVE-2020-37230 | high | 7.8 | 7.8 | 20d ago | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path… |
| CVE-2020-37229 | high | 7.8 | 7.8 | 20d ago | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu… |
| CVE-2020-37223 | high | 7.8 | 7.8 | 23d ago | IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a maliciou… |
| CVE-2020-17091 | high | 7.8 | 7.8 | 6y ago | Microsoft Teams Remote Code Execution Vulnerability |
| CVE-2020-17003 | high | 7.8 | 7.8 | 6y ago | A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a v… |
| CVE-2020-16918 | high | 7.8 | 7.8 | 6y ago | A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a v… |
| CVE-2020-11725 | high | 7.8 | 7.8 | 6y ago | snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effe… |
| CVE-2020-10648 | high | 7.8 | 7.8 | 6y ago | Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default con… |
| CVE-2020-37245 | high | 7.5 | 7.5 | 20d ago | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequ… |
| CVE-2020-37220 | high | 7.5 | 7.5 | 23d ago | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer… |
| CVE-2020-37219 | high | 7.5 | 7.5 | 23d ago | Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET reques… |
| CVE-2020-37130 | high | 7.5 | 7.5 | 4mo ago | Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 byte… |
| CVE-2020-37015 | high | 7.5 | 7.5 | 4mo ago | The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file p… |
| CVE-2020-37011 | high | 7.5 | 7.5 | 4mo ago | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially cr… |
| CVE-2020-25720 | high | 7.5 | 7.5 | 2y ago | A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-se… |
| CVE-2020-27279 | high | 7.5 | 7.5 | 6y ago | A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build version… |
| CVE-2020-15783 | high | 7.5 | 7.5 | 6y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Se… |
| CVE-2020-16927 | high | 7.5 | 7.5 | 6y ago | A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfull… |
| CVE-2020-7488 | high | 7.5 | 7.5 | 6y ago | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 cont… |
| CVE-2020-7477 | high | 7.5 | 7.5 | 6y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethern… |
| CVE-2020-6988 | high | 7.5 | 7.5 | 6y ago | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthe… |
| CVE-2020-6984 | high | 7.5 | 7.5 | 6y ago | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic… |
| CVE-2020-6986 | high | 7.5 | 7.5 | 6y ago | In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC se… |
| CVE-2020-7566 | high | 7.3 | 7.3 | 6y ago | A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured t… |
| CVE-2020-7565 | high | 7.3 | 7.3 | 6y ago | A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured … |
| CVE-2020-37222 | high | 7.2 | 7.2 | 23d ago | Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoi… |
| CVE-2020-37226 | high | 7.1 | 7.1 | 23d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… |
| CVE-2020-37224 | high | 7.1 | 7.1 | 23d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… |
| CVE-2020-17103 | high | 7.0 | 7.0 | 6y ago | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2020-28209 | high | 7.0 | 7.0 | 6y ago | A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any… |
| CVE-2020-9488 | low | 3.7 | 3.7 | 6y ago | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log mess… |
| CVE-2020-7656 | low | — | 3.5 | 6y ago | RHSA-2021:4142: pcs security, bug fix, and enhancement update (Low) |
| CVE-2020-22024 | low | — | 2.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. |
| CVE-2020-35450 | low | — | 2.5 | — | Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. |
| CVE-2020-20448 | low | — | 2.5 | — | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. |
| CVE-2020-14196 | low | — | 2.5 | — | In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. |
| CVE-2020-22026 | low | — | 2.5 | — | Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. |
| CVE-2020-24823 | low | — | 2.5 | — | A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-16121 | low | — | 2.5 | — | PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. |
| CVE-2020-27837 | low | — | 2.5 | — | A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessin… |
| CVE-2020-27675 | low | — | 2.5 | — | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condit… |
| CVE-2020-18774 | low | — | 2.5 | — | A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. |
| CVE-2020-25639 | low | — | 2.5 | — | A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This fl… |
| CVE-2020-27673 | low | — | 2.5 | — | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e995… |
| CVE-2020-25691 | low | — | 2.5 | — | denial of service in darkhttpd |
| CVE-2020-28030 | low | — | 2.5 | — | In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. |
| CVE-2020-12823 | low | — | 2.5 | — | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. |
| CVE-2020-24825 | low | — | 2.5 | — | A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-18974 | low | — | 2.5 | — | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. |
| CVE-2020-24824 | low | — | 2.5 | — | A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS). |
| CVE-2020-35112 | low | — | 2.5 | — | If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an … |
| CVE-2020-18773 | low | — | 2.5 | — | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. |
| CVE-2020-24826 | low | — | 2.5 | — | A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-12755 | low | — | 2.5 | — | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended… |
| CVE-2020-35501 | low | — | 2.5 | — | A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be logged by the audit subsystem. |
| CVE-2020-9359 | low | — | 2.5 | — | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. |
| CVE-2020-15466 | low | — | 2.5 | — | In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. |
| CVE-2020-22028 | low | — | 2.5 | — | Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. |
| CVE-2020-29562 | low | — | 2.5 | — | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, … |
| CVE-2020-24821 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-24822 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-24827 | low | — | 2.5 | — | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-11867 | low | — | 2.5 | — | Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and… |
| CVE-2020-24363 | unknown | — | 2.5 | 9mo ago | TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST … |
| CVE-2020-2883 | unknown | — | 2.5 | 1y ago | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3. |
| CVE-2020-0618 | unknown | — | 2.5 | 2y ago | Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in t… |
| CVE-2020-21710 | low | — | 2.5 | 2y ago | RHSA-2024:2966: ghostscript security update (Low) |