CVEs from 2020
Total
3,802
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-1967 | high | — | 8.0 | 6y ago | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signat… | |||
| CVE-2020-5260 | high | — | 8.0 | 6y ago | RHSA-2020:1513: git security update (Important) | |||
| CVE-2020-2803 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2800 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2781 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2757 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2756 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2816 | high | — | 8.0 | 6y ago | RHSA-2020:1514: java-11-openjdk security update (Important) | |||
| CVE-2020-2830 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2805 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2778 | high | — | 8.0 | 6y ago | RHSA-2020:1514: java-11-openjdk security update (Important) | |||
| CVE-2020-2754 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2755 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2767 | high | — | 8.0 | 6y ago | RHSA-2020:1514: java-11-openjdk security update (Important) | |||
| CVE-2020-6822 | high | — | 8.0 | 6y ago | On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been explo… | |||
| CVE-2020-7039 | high | — | 8.0 | 6y ago | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds a… | |||
| CVE-2020-1711 | high | — | 8.0 | 6y ago | An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a… | |||
| CVE-2020-8608 | high | — | 8.0 | 6y ago | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | |||
| CVE-2020-10188 | high | — | 8.0 | 6y ago | RHSA-2020:1318: telnet security update (Important) | |||
| CVE-2020-7598 | high | — | 8.0 | 6y ago | RHSA-2020:2852: nodejs:12 security update (Important) | |||
| CVE-2020-5313 | high | — | 8.0 | 6y ago | RHSA-2020:3185: python-pillow security update (Important) | |||
| CVE-2020-5208 | high | — | 8.0 | 6y ago | RHSA-2020:0981: ipmitool security update (Important) | |||
| CVE-2020-10531 | high | — | 8.0 | 6y ago | RHSA-2020:1317: nodejs:10 security update (Important) | |||
| CVE-2020-8597 | high | — | 8.0 | 6y ago | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | |||
| CVE-2020-8112 | high | — | 8.0 | 6y ago | RHSA-2020:0570: openjpeg2 security update (Important) | |||
| CVE-2020-1712 | high | — | 8.0 | 6y ago | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse… | |||
| CVE-2020-6851 | high | — | 8.0 | 6y ago | RHSA-2020:0274: openjpeg2 security update (Important) | |||
| CVE-2020-2659 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2655 | high | — | 8.0 | 7y ago | RHSA-2020:0128: java-11-openjdk security update (Important) | |||
| CVE-2020-2654 | high | — | 8.0 | 7y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2590 | high | — | 8.0 | 7y ago | RHSA-2020:3386: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2583 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2604 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2601 | high | — | 8.0 | 7y ago | RHSA-2020:3386: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2593 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-10720 | high | — | 8.0 | 7y ago | A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. | |||
| CVE-2020-37247 | high | 7.8 | 7.8 | 20d ago | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers … | |||
| CVE-2020-37232 | high | 7.8 | 7.8 | 20d ago | Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Atta… | |||
| CVE-2020-37231 | high | 7.8 | 7.8 | 20d ago | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta… | |||
| CVE-2020-37230 | high | 7.8 | 7.8 | 20d ago | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path… | |||
| CVE-2020-37229 | high | 7.8 | 7.8 | 20d ago | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu… | |||
| CVE-2020-37223 | high | 7.8 | 7.8 | 23d ago | IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a maliciou… | |||
| CVE-2020-17091 | high | 7.8 | 7.8 | 6y ago | Microsoft Teams Remote Code Execution Vulnerability | |||
| CVE-2020-17003 | high | 7.8 | 7.8 | 6y ago | <p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p> <p>An attacker who successfully exploited the vulnerability would gain execution on a v… | |||
| CVE-2020-16918 | high | 7.8 | 7.8 | 6y ago | <p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p> <p>An attacker who successfully exploited the vulnerability would gain execution on a v… | |||
| CVE-2020-11725 | high | 7.8 | 7.8 | 6y ago | snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effe… | |||
| CVE-2020-10648 | high | 7.8 | 7.8 | 6y ago | Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default con… | |||
| CVE-2020-37245 | high | 7.5 | 7.5 | 20d ago | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequ… | |||
| CVE-2020-37220 | high | 7.5 | 7.5 | 23d ago | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer… | |||
| CVE-2020-37219 | high | 7.5 | 7.5 | 23d ago | Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET reques… | |||
| CVE-2020-37130 | high | 7.5 | 7.5 | 4mo ago | Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 byte… | |||
| CVE-2020-37015 | high | 7.5 | 7.5 | 4mo ago | The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file p… | |||
| CVE-2020-37011 | high | 7.5 | 7.5 | 4mo ago | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially cr… | |||
| CVE-2020-25720 | high | 7.5 | 7.5 | 2y ago | A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-se… | |||
| CVE-2020-27279 | high | 7.5 | 7.5 | 6y ago | A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build version… | |||
| CVE-2020-15783 | high | 7.5 | 7.5 | 6y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Se… | |||
| CVE-2020-16927 | high | 7.5 | 7.5 | 6y ago | <p>A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfull… | |||
| CVE-2020-7488 | high | 7.5 | 7.5 | 6y ago | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 cont… | |||
| CVE-2020-7477 | high | 7.5 | 7.5 | 6y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethern… | |||
| CVE-2020-6988 | high | 7.5 | 7.5 | 6y ago | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthe… | |||
| CVE-2020-6984 | high | 7.5 | 7.5 | 6y ago | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic… | |||
| CVE-2020-6986 | high | 7.5 | 7.5 | 6y ago | In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC se… | |||
| CVE-2020-7566 | high | 7.3 | 7.3 | 6y ago | A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured t… | |||
| CVE-2020-7565 | high | 7.3 | 7.3 | 6y ago | A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured … | |||
| CVE-2020-37222 | high | 7.2 | 7.2 | 23d ago | Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoi… | |||
| CVE-2020-37226 | high | 7.1 | 7.1 | 23d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… | |||
| CVE-2020-37224 | high | 7.1 | 7.1 | 23d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… | |||
| CVE-2020-17103 | high | 7.0 | 7.0 | 6y ago | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||
| CVE-2020-28209 | high | 7.0 | 7.0 | 6y ago | A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any… | |||
| CVE-2020-24363 | unknown | — | 2.5 | 9mo ago | TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST … | |||
| CVE-2020-2883 | unknown | — | 2.5 | 1y ago | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3. | |||
| CVE-2020-0618 | unknown | — | 2.5 | 2y ago | Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in t… | |||
| CVE-2020-5741 | unknown | — | 2.5 | 3y ago | Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload featur… | |||
| CVE-2020-3153 | unknown | — | 2.5 | 4y ago | Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary … | |||
| CVE-2020-3433 | unknown | — | 2.5 | 4y ago | Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacke… | |||
| CVE-2020-9934 | unknown | — | 2.5 | 4y ago | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. | |||
| CVE-2020-0601 | unknown | — | 2.5 | 4y ago | Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by usin… | |||
| CVE-2020-3837 | unknown | — | 2.5 | 4y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2020-16846 | unknown | — | 2.5 | 4y ago | SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users runnin… | |||
| CVE-2020-11651 | unknown | — | 2.5 | 4y ago | SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some m… | |||
| CVE-2020-11652 | unknown | — | 2.5 | 4y ago | SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security … | |||
| CVE-2020-7961 | unknown | — | 2.5 | 4y ago | Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services. | |||
| CVE-2020-25223 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. | |||
| CVE-2020-0796 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerabili… | |||
| CVE-2020-17530 | unknown | — | 2.5 | 4y ago | Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution. | |||
| CVE-2020-0787 | unknown | — | 2.5 | 4y ago | Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-l… | |||
| CVE-2020-5722 | unknown | — | 2.5 | 4y ago | Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root. | |||
| CVE-2020-14864 | unknown | — | 2.5 | 4y ago | Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file. | |||
| CVE-2020-8816 | unknown | — | 2.5 | 5y ago | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | |||
| CVE-2020-5735 | unknown | — | 2.5 | 5y ago | Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code. | |||
| CVE-2020-8515 | unknown | — | 2.5 | 5y ago | DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2020-0683 | unknown | — | 2.5 | 5y ago | Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files. | |||
| CVE-2020-0688 | unknown | — | 2.5 | 5y ago | Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution. | |||
| CVE-2020-3950 | unknown | — | 2.5 | 5y ago | VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileg… | |||
| CVE-2020-14871 | unknown | — | 2.5 | 5y ago | Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems. | |||
| CVE-2020-2555 | unknown | — | 2.5 | 5y ago | Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle prod… | |||
| CVE-2020-14883 | unknown | — | 2.5 | 5y ago | Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability. | |||
| CVE-2020-3161 | unknown | — | 2.5 | 5y ago | Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (… | |||
| CVE-2020-8260 | unknown | — | 2.5 | 5y ago | Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. | |||
| CVE-2020-14882 | unknown | — | 2.5 | 5y ago | Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750. |