CVEs from 2020
Total
3,801
critical
critical 206
high
high 563
medium
medium 744
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9951 | medium | — | 5.5 | 5y ago | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2020-27618 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8231 | medium | — | 5.5 | 5y ago | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | |||
| CVE-2020-8284 | medium | — | 5.5 | 5y ago | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about ser… | |||
| CVE-2020-8285 | medium | — | 5.5 | 5y ago | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | |||
| CVE-2020-8286 | medium | — | 5.5 | 5y ago | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | |||
| CVE-2020-13776 | medium | — | 5.5 | 5y ago | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user acc… | |||
| CVE-2020-24977 | medium | — | 5.5 | 5y ago | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | |||
| CVE-2020-28196 | medium | — | 5.5 | 5y ago | RHSA-2021:1593: krb5 security update (Moderate) | |||
| CVE-2020-12108 | medium | — | 5.5 | 5y ago | RHSA-2021:1751: mailman:2.1 security update (Moderate) | |||
| CVE-2020-26117 | medium | — | 5.5 | 5y ago | RHSA-2021:1783: tigervnc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-28935 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10878 | medium | — | 5.5 | 5y ago | RHSA-2021:1678: perl security and bug fix update (Moderate) | |||
| CVE-2020-15358 | medium | — | 5.5 | 5y ago | RHSA-2021:1581: sqlite security update (Moderate) | |||
| CVE-2020-15011 | medium | — | 5.5 | 5y ago | RHSA-2021:1751: mailman:2.1 security update (Moderate) | |||
| CVE-2020-10543 | medium | — | 5.5 | 5y ago | RHSA-2021:1678: perl security and bug fix update (Moderate) | |||
| CVE-2020-7754 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-1747 | medium | — | 5.5 | 5y ago | RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2020-35678 | medium | — | 5.5 | 5y ago | Autobahn|Python before 20.12.3 allows redirect header injection. | |||
| CVE-2020-28473 | medium | — | 5.5 | 5y ago | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), … | |||
| CVE-2020-28374 | medium | — | 5.5 | 5y ago | In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via direct… | |||
| CVE-2020-35518 | medium | — | 5.5 | 5y ago | RHSA-2021:1086: 389-ds:1.4 security and bug fix update (Moderate) | |||
| CVE-2020-28463 | medium | — | 5.5 | 5y ago | All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Step… | |||
| CVE-2020-7774 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-14343 | medium | — | 5.5 | 5y ago | RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2020-28493 | medium | — | 5.5 | 5y ago | RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2020-24583 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level d… | |||
| CVE-2020-24584 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's st… | |||
| CVE-2020-35653 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2020-35655 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2020-35654 | medium | — | 5.5 | 5y ago | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | |||
| CVE-2020-13949 | medium | — | 5.5 | 5y ago | Uncontrolled Resource Consumption in Apache Thrift | |||
| CVE-2020-8265 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-8287 | medium | — | 5.5 | 5y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-12400 | medium | — | 5.5 | 5y ago | When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects F… | |||
| CVE-2020-12401 | medium | — | 5.5 | 5y ago | During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This… | |||
| CVE-2020-12403 | medium | — | 5.5 | 5y ago | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly di… | |||
| CVE-2020-12723 | medium | — | 5.5 | 5y ago | RHSA-2021:0557: perl security update (Moderate) | |||
| CVE-2020-6829 | medium | — | 5.5 | 5y ago | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-m… | |||
| CVE-2020-36242 | medium | — | 5.5 | 5y ago | RHSA-2021:1608: python-cryptography security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11979 | medium | — | 5.5 | 5y ago | Code injection in Apache Ant | |||
| CVE-2020-26272 | medium | — | 5.5 | 5y ago | IPC messages delivered to the wrong frame in Electron | |||
| CVE-2020-27783 | medium | — | 5.5 | 6y ago | RHSA-2021:1898: python-lxml security update (Moderate) | |||
| CVE-2020-26297 | medium | — | 5.5 | 6y ago | XSS in mdBook's search page | |||
| CVE-2020-26275 | medium | — | 5.5 | 6y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version … | |||
| CVE-2020-13249 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14776 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14789 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14812 | medium | — | 5.5 | 6y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8277 | medium | — | 5.5 | 6y ago | RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) | |||
| CVE-2020-25654 | medium | — | 5.5 | 6y ago | RHSA-2020:5487: pacemaker security update (Moderate) | |||
| CVE-2020-24659 | medium | — | 5.5 | 6y ago | RHSA-2020:5483: gnutls security and bug fix update (Moderate) | |||
| CVE-2020-16166 | medium | — | 5.5 | 6y ago | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is relat… | |||
| CVE-2020-28214 | medium | 5.5 | 5.5 | 6y ago | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictiona… | |||
| CVE-2020-26257 | medium | — | 5.5 | 6y ago | Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed e… | |||
| CVE-2020-28948 | medium | — | 5.5 | 6y ago | RHSA-2022:6542: php:7.4 security update (Moderate) | |||
| CVE-2020-28941 | medium | 5.5 | 5.5 | 6y ago | An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack… | |||
| CVE-2020-15266 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte… | |||
| CVE-2020-15265 | medium | — | 5.5 | 6y ago | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens… | |||
| CVE-2020-8624 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1751 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10029 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11653 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There … | |||
| CVE-2020-12137 | medium | — | 5.5 | 6y ago | RHSA-2020:4667: mailman:2.1 security and bug fix update (Moderate) | |||
| CVE-2020-8177 | medium | — | 5.5 | 6y ago | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |||
| CVE-2020-0198 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12767 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13113 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13114 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1931 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-1930 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2020-1730 | medium | — | 5.5 | 6y ago | RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-9327 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2020-1752 | medium | — | 5.5 | 6y ago | RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14382 | medium | — | 5.5 | 6y ago | RHSA-2020:4542: cryptsetup security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0556 | medium | — | 5.5 | 6y ago | RHSA-2020:4481: bluez security update (Moderate) | |||
| CVE-2020-6405 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2020-8631 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13867 | medium | — | 5.5 | 6y ago | RHSA-2020:4697: targetcli security and enhancement update (Moderate) | |||
| CVE-2020-8632 | medium | — | 5.5 | 6y ago | RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0182 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8623 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10737 | medium | — | 5.5 | 6y ago | RHSA-2020:4687: oddjob security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8619 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1721 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0181 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-0093 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10730 | medium | — | 5.5 | 6y ago | RHSA-2020:4568: libldb security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8622 | medium | — | 5.5 | 6y ago | RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25715 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15720 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-25690 | medium | — | 5.5 | 6y ago | RHSA-2020:4844: fontforge security update (Moderate) | |||
| CVE-2020-10967 | medium | — | 5.5 | 6y ago | In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | |||
| CVE-2020-10958 | medium | — | 5.5 | 6y ago | In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving … | |||
| CVE-2020-1927 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL… | |||
| CVE-2020-1934 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | |||
| CVE-2020-14058 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15049 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-24606 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8449 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) |