CVEs from 2020
Total
3,797
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-1967 | high | — | 8.0 | 6y ago | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signat… | |||
| CVE-2020-2778 | high | — | 8.0 | 6y ago | RHSA-2020:1514: java-11-openjdk security update (Important) | |||
| CVE-2020-2767 | high | — | 8.0 | 6y ago | RHSA-2020:1514: java-11-openjdk security update (Important) | |||
| CVE-2020-5260 | high | — | 8.0 | 6y ago | RHSA-2020:1513: git security update (Important) | |||
| CVE-2020-2816 | high | — | 8.0 | 6y ago | RHSA-2020:1514: java-11-openjdk security update (Important) | |||
| CVE-2020-2755 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2830 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2805 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2803 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2800 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2781 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2757 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2756 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2754 | high | — | 8.0 | 6y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-6822 | high | — | 8.0 | 6y ago | On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been explo… | |||
| CVE-2020-7039 | high | — | 8.0 | 6y ago | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds a… | |||
| CVE-2020-1711 | high | — | 8.0 | 6y ago | An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a… | |||
| CVE-2020-8608 | high | — | 8.0 | 6y ago | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | |||
| CVE-2020-10188 | high | — | 8.0 | 6y ago | RHSA-2020:1318: telnet security update (Important) | |||
| CVE-2020-7598 | high | — | 8.0 | 6y ago | RHSA-2020:2852: nodejs:12 security update (Important) | |||
| CVE-2020-5313 | high | — | 8.0 | 6y ago | RHSA-2020:3185: python-pillow security update (Important) | |||
| CVE-2020-5208 | high | — | 8.0 | 6y ago | RHSA-2020:0981: ipmitool security update (Important) | |||
| CVE-2020-10531 | high | — | 8.0 | 6y ago | RHSA-2020:1317: nodejs:10 security update (Important) | |||
| CVE-2020-8597 | high | — | 8.0 | 6y ago | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | |||
| CVE-2020-8112 | high | — | 8.0 | 6y ago | RHSA-2020:0570: openjpeg2 security update (Important) | |||
| CVE-2020-1712 | high | — | 8.0 | 6y ago | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse… | |||
| CVE-2020-6851 | high | — | 8.0 | 6y ago | RHSA-2020:0274: openjpeg2 security update (Important) | |||
| CVE-2020-2659 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2583 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2601 | high | — | 8.0 | 7y ago | RHSA-2020:3386: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2590 | high | — | 8.0 | 7y ago | RHSA-2020:3386: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2655 | high | — | 8.0 | 7y ago | RHSA-2020:0128: java-11-openjdk security update (Important) | |||
| CVE-2020-2593 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2604 | high | — | 8.0 | 7y ago | RHSA-2020:0465: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-2654 | high | — | 8.0 | 7y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2020-10720 | high | — | 8.0 | 7y ago | A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. | |||
| CVE-2020-37247 | high | 7.8 | 7.8 | 21d ago | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers … | |||
| CVE-2020-37232 | high | 7.8 | 7.8 | 21d ago | Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Atta… | |||
| CVE-2020-37231 | high | 7.8 | 7.8 | 21d ago | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta… | |||
| CVE-2020-37230 | high | 7.8 | 7.8 | 21d ago | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path… | |||
| CVE-2020-37229 | high | 7.8 | 7.8 | 21d ago | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu… | |||
| CVE-2020-37223 | high | 7.8 | 7.8 | 24d ago | IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a maliciou… | |||
| CVE-2020-17091 | high | 7.8 | 7.8 | 6y ago | Microsoft Teams Remote Code Execution Vulnerability | |||
| CVE-2020-17003 | high | 7.8 | 7.8 | 6y ago | <p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p> <p>An attacker who successfully exploited the vulnerability would gain execution on a v… | |||
| CVE-2020-16918 | high | 7.8 | 7.8 | 6y ago | <p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p> <p>An attacker who successfully exploited the vulnerability would gain execution on a v… | |||
| CVE-2020-11725 | high | 7.8 | 7.8 | 6y ago | snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effe… | |||
| CVE-2020-10648 | high | 7.8 | 7.8 | 6y ago | Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default con… | |||
| CVE-2020-37245 | high | 7.5 | 7.5 | 21d ago | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequ… | |||
| CVE-2020-37220 | high | 7.5 | 7.5 | 24d ago | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer… | |||
| CVE-2020-37219 | high | 7.5 | 7.5 | 24d ago | Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET reques… | |||
| CVE-2020-37130 | high | 7.5 | 7.5 | 4mo ago | Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 byte… | |||
| CVE-2020-37015 | high | 7.5 | 7.5 | 4mo ago | The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file p… | |||
| CVE-2020-37011 | high | 7.5 | 7.5 | 4mo ago | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially cr… | |||
| CVE-2020-25720 | high | 7.5 | 7.5 | 2y ago | A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-se… | |||
| CVE-2020-27279 | high | 7.5 | 7.5 | 6y ago | A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build version… | |||
| CVE-2020-15783 | high | 7.5 | 7.5 | 6y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Se… | |||
| CVE-2020-16927 | high | 7.5 | 7.5 | 6y ago | <p>A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfull… | |||
| CVE-2020-7488 | high | 7.5 | 7.5 | 6y ago | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 cont… | |||
| CVE-2020-7477 | high | 7.5 | 7.5 | 6y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethern… | |||
| CVE-2020-6988 | high | 7.5 | 7.5 | 6y ago | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthe… | |||
| CVE-2020-6984 | high | 7.5 | 7.5 | 6y ago | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic… | |||
| CVE-2020-6986 | high | 7.5 | 7.5 | 6y ago | In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC se… | |||
| CVE-2020-7566 | high | 7.3 | 7.3 | 6y ago | A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured t… | |||
| CVE-2020-7565 | high | 7.3 | 7.3 | 6y ago | A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured … | |||
| CVE-2020-37222 | high | 7.2 | 7.2 | 24d ago | Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoi… | |||
| CVE-2020-37226 | high | 7.1 | 7.1 | 24d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… | |||
| CVE-2020-37224 | high | 7.1 | 7.1 | 24d ago | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att… | |||
| CVE-2020-17103 | high | 7.0 | 7.0 | 6y ago | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||
| CVE-2020-28209 | high | 7.0 | 7.0 | 6y ago | A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any… | |||
| CVE-2020-24363 | unknown | — | 2.5 | 9mo ago | TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST … | |||
| CVE-2020-2883 | unknown | — | 2.5 | 1y ago | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3. | |||
| CVE-2020-0618 | unknown | — | 2.5 | 2y ago | Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in t… | |||
| CVE-2020-5741 | unknown | — | 2.5 | 3y ago | Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload featur… | |||
| CVE-2020-3153 | unknown | — | 2.5 | 4y ago | Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary … | |||
| CVE-2020-3433 | unknown | — | 2.5 | 4y ago | Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacke… | |||
| CVE-2020-9934 | unknown | — | 2.5 | 4y ago | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. | |||
| CVE-2020-0601 | unknown | — | 2.5 | 4y ago | Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by usin… | |||
| CVE-2020-3837 | unknown | — | 2.5 | 4y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2020-16846 | unknown | — | 2.5 | 4y ago | SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users runnin… | |||
| CVE-2020-11651 | unknown | — | 2.5 | 4y ago | SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some m… | |||
| CVE-2020-11652 | unknown | — | 2.5 | 4y ago | SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security … | |||
| CVE-2020-7961 | unknown | — | 2.5 | 4y ago | Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services. | |||
| CVE-2020-25223 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. | |||
| CVE-2020-0796 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerabili… | |||
| CVE-2020-17530 | unknown | — | 2.5 | 4y ago | Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution. | |||
| CVE-2020-5722 | unknown | — | 2.5 | 4y ago | Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root. | |||
| CVE-2020-0787 | unknown | — | 2.5 | 4y ago | Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-l… | |||
| CVE-2020-14864 | unknown | — | 2.5 | 4y ago | Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file. | |||
| CVE-2020-8816 | unknown | — | 2.5 | 5y ago | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | |||
| CVE-2020-17496 | unknown | — | 2.5 | 5y ago | The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. Thi… | |||
| CVE-2020-4427 | unknown | — | 2.5 | 5y ago | IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially craf… | |||
| CVE-2020-11738 | unknown | — | 2.5 | 5y ago | WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their… | |||
| CVE-2020-15505 | unknown | — | 2.5 | 5y ago | Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2020-0683 | unknown | — | 2.5 | 5y ago | Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files. | |||
| CVE-2020-14883 | unknown | — | 2.5 | 5y ago | Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability. | |||
| CVE-2020-2555 | unknown | — | 2.5 | 5y ago | Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle prod… | |||
| CVE-2020-14871 | unknown | — | 2.5 | 5y ago | Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems. | |||
| CVE-2020-0646 | unknown | — | 2.5 | 5y ago | Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution. | |||
| CVE-2020-1054 | unknown | — | 2.5 | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute co… | |||
| CVE-2020-8644 | unknown | — | 2.5 | 5y ago | PlaySMS contains a server-side template injection vulnerability that allows for remote code execution. |