CVEs from 2020
Total
3,798
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28617 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28619 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28613 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28615 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28626 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28618 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28620 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28625 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28624 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28630 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28628 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-35629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28631 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-20446 | medium | — | 5.5 | — | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. | |||
| CVE-2020-26418 | medium | — | 5.5 | — | Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-35981 | medium | — | 5.5 | — | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c. | |||
| CVE-2020-36152 | medium | — | 5.5 | — | Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. | |||
| CVE-2020-29385 | medium | — | 5.5 | — | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign t… | |||
| CVE-2020-36150 | medium | — | 5.5 | — | Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block. | |||
| CVE-2020-36149 | medium | — | 5.5 | — | Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protec… | |||
| CVE-2020-8618 | medium | — | 5.5 | — | An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clie… | |||
| CVE-2020-35635 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB r… | |||
| CVE-2020-35634 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() s… | |||
| CVE-2020-35633 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() s… | |||
| CVE-2020-35631 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28635 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28634 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28633 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28636 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->… | |||
| CVE-2020-28607 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28603 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-24027 | medium | — | 5.5 | — | multiple issues in live-media | |||
| CVE-2020-28602 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-21606 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-25718 | medium | — | 5.5 | — | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | |||
| CVE-2020-25722 | medium | — | 5.5 | — | Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | |||
| CVE-2020-27840 | medium | — | 5.5 | — | A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds me… | |||
| CVE-2020-18972 | medium | — | 5.5 | — | Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | |||
| CVE-2020-29511 | medium | — | 5.5 | — | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that be… | |||
| CVE-2020-35965 | medium | — | 5.5 | — | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. | |||
| CVE-2020-23930 | medium | — | 5.5 | — | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2020-26977 | medium | — | 5.5 | — | By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects F… | |||
| CVE-2020-27748 | medium | — | 5.5 | — | A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderb… | |||
| CVE-2020-22019 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. | |||
| CVE-2020-23922 | medium | — | 5.5 | — | An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. | |||
| CVE-2020-22037 | medium | — | 5.5 | — | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. | |||
| CVE-2020-35738 | medium | — | 5.5 | — | WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" re… | |||
| CVE-2020-29573 | medium | — | 5.5 | — | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long … | |||
| CVE-2020-21605 | medium | — | 5.5 | — | libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file. | |||
| CVE-2020-26557 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-21598 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. | |||
| CVE-2020-21601 | medium | — | 5.5 | — | libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-27637 | medium | — | 5.5 | — | The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD… | |||
| CVE-2020-26421 | medium | — | 5.5 | — | Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-27841 | medium | — | 5.5 | — | There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bo… | |||
| CVE-2020-36405 | medium | — | 5.5 | — | arbitrary code execution in keystone | |||
| CVE-2020-12740 | medium | — | 5.5 | — | tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | |||
| CVE-2020-20445 | medium | — | 5.5 | — | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. | |||
| CVE-2020-35850 | medium | — | 5.5 | — | multiple issues in cockpit | |||
| CVE-2020-21595 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file. | |||
| CVE-2020-26413 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-26412 | medium | — | 5.5 | — | information disclosure in gitlab | |||
| CVE-2020-25669 | medium | — | 5.5 | — | A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkb… | |||
| CVE-2020-29510 | medium | — | 5.5 | — | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave … | |||
| CVE-2020-24119 | medium | — | 5.5 | — | A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. | |||
| CVE-2020-35132 | medium | — | 5.5 | — | An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. | |||
| CVE-2020-35499 | medium | — | 5.5 | — | A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when usin… | |||
| CVE-2020-20453 | medium | — | 5.5 | — | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service | |||
| CVE-2020-28086 | medium | — | 5.5 | — | pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the… | |||
| CVE-2020-35766 | medium | — | 5.5 | — | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c… | |||
| CVE-2020-36226 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||
| CVE-2020-35964 | medium | — | 5.5 | — | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | |||
| CVE-2020-26560 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-26556 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-10595 | medium | — | 5.5 | — | pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underly… | |||
| CVE-2020-12272 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsin… | |||
| CVE-2020-35630 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-26975 | medium | — | 5.5 | — | When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authori… | |||
| CVE-2020-35980 | medium | — | 5.5 | — | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c. | |||
| CVE-2020-35475 | medium | — | 5.5 | — | In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to ch… | |||
| CVE-2020-15660 | medium | — | 5.5 | — | cross-site request forgery in geckodriver | |||
| CVE-2020-26273 | medium | — | 5.5 | — | arbitrary filesystem access in osquery | |||
| CVE-2020-15954 | medium | — | 5.5 | — | KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. | |||
| CVE-2020-36151 | medium | — | 5.5 | — | Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block. | |||
| CVE-2020-26407 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-23931 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||
| CVE-2020-12460 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a spe… | |||
| CVE-2020-26409 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-26417 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-26408 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-21599 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. | |||
| CVE-2020-23932 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2020-21603 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file. | |||
| CVE-2020-21596 | medium | — | 5.5 | — | libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. | |||
| CVE-2020-21594 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-21604 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file. | |||
| CVE-2020-21602 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-28598 | medium | — | 5.5 | — | An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can… | |||
| CVE-2020-28594 | medium | — | 5.5 | — | A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead … |