CVEs from 2020
Total
3,802
critical
critical 206
high
high 563
medium
medium 743
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14058 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13962 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-0570 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-0569 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2020-12052 | medium | — | 5.5 | 6y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14339 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14301 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-10703 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1722 | medium | — | 5.5 | 6y ago | RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11047 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11048 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11045 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11046 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11043 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11044 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11085 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11049 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11058 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11522 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11086 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11526 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11525 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11088 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13396 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11087 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-13397 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11089 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11018 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11019 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11038 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11039 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11040 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11041 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-11042 | medium | — | 5.5 | 6y ago | RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-8492 | medium | — | 5.5 | 6y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14422 | medium | — | 5.5 | 6y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12831 | medium | — | 5.5 | 6y ago | An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissi… | |||
| CVE-2020-3868 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for… | |||
| CVE-2020-9806 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud … | |||
| CVE-2020-3865 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for… | |||
| CVE-2020-3897 | medium | — | 5.5 | 6y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Window… | |||
| CVE-2020-3902 | medium | — | 5.5 | 6y ago | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,… | |||
| CVE-2020-9802 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2… | |||
| CVE-2020-3894 | medium | — | 5.5 | 6y ago | A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for W… | |||
| CVE-2020-3895 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Win… | |||
| CVE-2020-3900 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Win… | |||
| CVE-2020-3901 | medium | — | 5.5 | 6y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Window… | |||
| CVE-2020-3899 | medium | — | 5.5 | 6y ago | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Wi… | |||
| CVE-2020-9925 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows … | |||
| CVE-2020-9803 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Wi… | |||
| CVE-2020-9807 | medium | — | 5.5 | 6y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud … | |||
| CVE-2020-9805 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2… | |||
| CVE-2020-9843 | medium | — | 5.5 | 6y ago | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud … | |||
| CVE-2020-11793 | medium | — | 5.5 | 6y ago | A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memo… | |||
| CVE-2020-10018 | medium | — | 5.5 | 6y ago | WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This… | |||
| CVE-2020-3862 | medium | — | 5.5 | 6y ago | A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows … | |||
| CVE-2020-3864 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and… | |||
| CVE-2020-3867 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iClou… | |||
| CVE-2020-9862 | medium | — | 5.5 | 6y ago | A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes… | |||
| CVE-2020-9894 | medium | — | 5.5 | 6y ago | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for … | |||
| CVE-2020-9893 | medium | — | 5.5 | 6y ago | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud fo… | |||
| CVE-2020-9895 | medium | — | 5.5 | 6y ago | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud fo… | |||
| CVE-2020-9915 | medium | — | 5.5 | 6y ago | An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.… | |||
| CVE-2020-9952 | medium | — | 5.5 | 6y ago | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windo… | |||
| CVE-2020-3885 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Wind… | |||
| CVE-2020-14391 | medium | — | 5.5 | 6y ago | RHSA-2020:4451: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-15503 | medium | — | 5.5 | 6y ago | RHSA-2020:4451: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-12826 | medium | — | 5.5 | 6y ago | A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a… | |||
| CVE-2020-0305 | medium | — | 5.5 | 6y ago | In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no… | |||
| CVE-2020-12655 | medium | — | 5.5 | 6y ago | An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata… | |||
| CVE-2020-8649 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | |||
| CVE-2020-8647 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | |||
| CVE-2020-12659 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom val… | |||
| CVE-2020-12770 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||
| CVE-2020-25641 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loo… | |||
| CVE-2020-10732 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | |||
| CVE-2020-0444 | medium | — | 5.5 | 6y ago | In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution priv… | |||
| CVE-2020-11565 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, … | |||
| CVE-2020-10773 | medium | — | 5.5 | 6y ago | A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local us… | |||
| CVE-2020-8648 | medium | — | 5.5 | 6y ago | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | |||
| CVE-2020-14381 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is abou… | |||
| CVE-2020-12465 | medium | — | 5.5 | 6y ago | An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragmen… | |||
| CVE-2020-10751 | medium | — | 5.5 | 6y ago | A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrec… | |||
| CVE-2020-11668 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | |||
| CVE-2020-10774 | medium | — | 5.5 | 6y ago | A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to re… | |||
| CVE-2020-10942 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | |||
| CVE-2020-25659 | medium | — | 5.5 | 6y ago | RHSA-2021:1608: python-cryptography security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-14779 | medium | — | 5.5 | 6y ago | RHSA-2021:0530: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2020-14796 | medium | — | 5.5 | 6y ago | RHSA-2021:0530: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2020-14797 | medium | — | 5.5 | 6y ago | RHSA-2021:0530: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2020-14792 | medium | — | 5.5 | 6y ago | RHSA-2020:4347: java-1.8.0-openjdk security update (Moderate) | |||
| CVE-2020-8201 | medium | — | 5.5 | 6y ago | RHSA-2020:4272: nodejs:12 security and bug fix update (Moderate) | |||
| CVE-2020-8252 | medium | — | 5.5 | 6y ago | The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is lon… | |||
| CVE-2020-10756 | medium | — | 5.5 | 6y ago | An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo reques… | |||
| CVE-2020-25613 | medium | — | 5.5 | 6y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-1945 | medium | — | 5.5 | 6y ago | Sensitive Data Exposure in Apache Ant | |||
| CVE-2020-2922 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-2752 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-2574 | medium | — | 5.5 | 6y ago | RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate) | |||
| CVE-2020-7065 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) |