CVEs from 2020
Total
3,795
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-21597 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file. | |||
| CVE-2020-23109 | medium | — | 5.5 | — | Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a craf… | |||
| CVE-2020-21605 | medium | — | 5.5 | — | libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file. | |||
| CVE-2020-36404 | medium | — | 5.5 | — | arbitrary code execution in keystone | |||
| CVE-2020-29385 | medium | — | 5.5 | — | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign t… | |||
| CVE-2020-26273 | medium | — | 5.5 | — | arbitrary filesystem access in osquery | |||
| CVE-2020-28623 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-18972 | medium | — | 5.5 | — | Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | |||
| CVE-2020-27748 | medium | — | 5.5 | — | A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderb… | |||
| CVE-2020-21606 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-36230 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | |||
| CVE-2020-28599 | medium | — | 5.5 | — | A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attack… | |||
| CVE-2020-26559 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-35474 | medium | — | 5.5 | — | In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that t… | |||
| CVE-2020-28622 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-12244 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allow… | |||
| CVE-2020-35478 | medium | — | 5.5 | — | MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki … | |||
| CVE-2020-35479 | medium | — | 5.5 | — | MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is alway… | |||
| CVE-2020-10995 | medium | — | 5.5 | — | PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recu… | |||
| CVE-2020-35480 | medium | — | 5.5 | — | An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the vi… | |||
| CVE-2020-21603 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file. | |||
| CVE-2020-36225 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||
| CVE-2020-21599 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. | |||
| CVE-2020-25722 | medium | — | 5.5 | — | Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | |||
| CVE-2020-28928 | medium | — | 5.5 | — | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | |||
| CVE-2020-26416 | medium | — | 5.5 | — | information disclosure in gitlab | |||
| CVE-2020-26415 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-36405 | medium | — | 5.5 | — | arbitrary code execution in keystone | |||
| CVE-2020-35850 | medium | — | 5.5 | — | multiple issues in cockpit | |||
| CVE-2020-25594 | medium | — | 5.5 | — | information disclosure in vault | |||
| CVE-2020-36227 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. | |||
| CVE-2020-26412 | medium | — | 5.5 | — | information disclosure in gitlab | |||
| CVE-2020-26142 | medium | — | 5.5 | — | insufficient validation in linux | |||
| CVE-2020-35512 | medium | — | 5.5 | — | A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharin… | |||
| CVE-2020-8618 | medium | — | 5.5 | — | An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clie… | |||
| CVE-2020-26975 | medium | — | 5.5 | — | When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authori… | |||
| CVE-2020-36228 | medium | — | 5.5 | — | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. | |||
| CVE-2020-26557 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-12912 | medium | — | 5.5 | — | A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.… | |||
| CVE-2020-36223 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). | |||
| CVE-2020-36224 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||
| CVE-2020-36221 | medium | — | 5.5 | — | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssu… | |||
| CVE-2020-26560 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-26682 | medium | — | 5.5 | — | In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. | |||
| CVE-2020-29511 | medium | — | 5.5 | — | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that be… | |||
| CVE-2020-35965 | medium | — | 5.5 | — | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. | |||
| CVE-2020-25669 | medium | — | 5.5 | — | A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkb… | |||
| CVE-2020-29573 | medium | — | 5.5 | — | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long … | |||
| CVE-2020-26418 | medium | — | 5.5 | — | Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-15954 | medium | — | 5.5 | — | KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. | |||
| CVE-2020-35979 | medium | — | 5.5 | — | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c. | |||
| CVE-2020-36152 | medium | — | 5.5 | — | Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. | |||
| CVE-2020-36148 | medium | — | 5.5 | — | Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protec… | |||
| CVE-2020-36401 | medium | — | 5.5 | — | mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). | |||
| CVE-2020-36150 | medium | — | 5.5 | — | Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block. | |||
| CVE-2020-27815 | medium | — | 5.5 | — | A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating … | |||
| CVE-2020-10595 | medium | — | 5.5 | — | pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underly… | |||
| CVE-2020-36149 | medium | — | 5.5 | — | Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protec… | |||
| CVE-2020-28635 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-24119 | medium | — | 5.5 | — | A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. | |||
| CVE-2020-27637 | medium | — | 5.5 | — | The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD… | |||
| CVE-2020-15660 | medium | — | 5.5 | — | cross-site request forgery in geckodriver | |||
| CVE-2020-36151 | medium | — | 5.5 | — | Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block. | |||
| CVE-2020-7046 | medium | — | 5.5 | — | lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login in… | |||
| CVE-2020-28634 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-23931 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||
| CVE-2020-22019 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. | |||
| CVE-2020-26407 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-26797 | medium | — | 5.5 | — | Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. | |||
| CVE-2020-26409 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-26417 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-26408 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-13938 | medium | — | 5.5 | — | Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | |||
| CVE-2020-0499 | medium | — | 5.5 | — | In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional exe… | |||
| CVE-2020-8694 | medium | — | 5.5 | — | Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||
| CVE-2020-23932 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2020-26422 | medium | — | 5.5 | — | Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file | |||
| CVE-2020-6097 | medium | — | 5.5 | — | An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() ca… | |||
| CVE-2020-28407 | medium | — | 5.5 | — | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | |||
| CVE-2020-20453 | medium | — | 5.5 | — | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service | |||
| CVE-2020-28086 | medium | — | 5.5 | — | pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the… | |||
| CVE-2020-26556 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-22015 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Deni… | |||
| CVE-2020-35766 | medium | — | 5.5 | — | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c… | |||
| CVE-2020-22021 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. | |||
| CVE-2020-21600 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-28633 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-13902 | medium | — | 5.5 | — | ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. | |||
| CVE-2020-28636 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->… | |||
| CVE-2020-28627 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-35605 | medium | — | 5.5 | — | The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error messa… | |||
| CVE-2020-23928 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||
| CVE-2020-35964 | medium | — | 5.5 | — | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | |||
| CVE-2020-12740 | medium | — | 5.5 | — | tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | |||
| CVE-2020-27840 | medium | — | 5.5 | — | A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds me… | |||
| CVE-2020-20445 | medium | — | 5.5 | — | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. | |||
| CVE-2020-26664 | medium | — | 5.5 | — | arbitrary code execution in vlc | |||
| CVE-2020-23922 | medium | — | 5.5 | — | An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. | |||
| CVE-2020-25718 | medium | — | 5.5 | — | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | |||
| CVE-2020-11810 | medium | — | 5.5 | — | An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arri… |