CVEs from 2020
Total
3,799
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-18773 | low | — | 2.5 | — | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | |||
| CVE-2020-35450 | low | — | 2.5 | — | Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | |||
| CVE-2020-21710 | low | — | 2.5 | 2y ago | RHSA-2024:2966: ghostscript security update (Low) | |||
| CVE-2020-23903 | low | — | 2.5 | 4y ago | Low: speex security update | |||
| CVE-2020-13950 | low | — | 2.5 | 4y ago | Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, le… | |||
| CVE-2020-22083 | low | — | 2.5 | 4y ago | ** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and cl… | |||
| CVE-2020-17489 | low | — | 2.5 | 4y ago | RHSA-2022:1814: gnome-shell security and bug fix update (Low) | |||
| CVE-2020-24370 | low | — | 2.5 | 5y ago | RHSA-2021:4510: lua security update (Low) | |||
| CVE-2020-16135 | low | — | 2.5 | 5y ago | RHSA-2021:4387: libssh security update (Low) | |||
| CVE-2020-14155 | low | — | 2.5 | 5y ago | RHSA-2021:4373: pcre security update (Low) | |||
| CVE-2020-18442 | low | — | 2.5 | 5y ago | RHSA-2021:4316: zziplib security update (Low) | |||
| CVE-2020-8037 | low | — | 2.5 | 5y ago | RHSA-2021:4236: tcpdump security and bug fix update (Low) | |||
| CVE-2020-36314 | low | — | 2.5 | 5y ago | RHSA-2021:4179: file-roller security update (Low) | |||
| CVE-2020-13987 | low | — | 2.5 | 5y ago | RHBA-2021:4446: iscsi-initiator-utils bug fix and enhancement update (Low) | |||
| CVE-2020-16117 | low | — | 2.5 | 5y ago | RHSA-2021:1752: evolution security, bug fix, and enhancement update (Low) | |||
| CVE-2020-36318 | low | — | 2.5 | 5y ago | In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or doub… | |||
| CVE-2020-36317 | low | — | 2.5 | 5y ago | In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could res… | |||
| CVE-2020-29651 | low | — | 2.5 | 5y ago | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying … | |||
| CVE-2020-3898 | low | — | 2.5 | 6y ago | RHSA-2020:4469: cups security and bug fix update (Low) | |||
| CVE-2020-11736 | low | — | 2.5 | 6y ago | RHSA-2021:4179: file-roller security update (Low) | |||
| CVE-2020-14928 | low | — | 2.5 | 6y ago | RHSA-2020:4649: evolution security and bug fix update (Low) | |||
| CVE-2020-12802 | low | — | 2.5 | 6y ago | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who w… | |||
| CVE-2020-12803 | low | — | 2.5 | 6y ago | ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable f… | |||
| CVE-2020-10759 | low | — | 2.5 | 6y ago | A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practi… | |||
| CVE-2020-11078 | low | — | 2.5 | 6y ago | RHSA-2020:4605: resource-agents security and bug fix update (Low) | |||
| CVE-2020-11054 | low | — | 2.5 | 6y ago | In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (col… | |||
| CVE-2020-15719 | low | — | 2.5 | 7y ago | RHBA-2019:3674: openldap bug fix and enhancement update (Low) | |||
| CVE-2020-8562 | low | 2.2 | 2.2 | 4y ago | As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Servi… |