CVEs from 2020
Total
3,798
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12912 | medium | — | 5.5 | — | A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.… | |||
| CVE-2020-29074 | medium | — | 5.5 | — | scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. | |||
| CVE-2020-27840 | medium | — | 5.5 | — | A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds me… | |||
| CVE-2020-26407 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-23931 | medium | — | 5.5 | — | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||
| CVE-2020-36401 | medium | — | 5.5 | — | mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). | |||
| CVE-2020-35979 | medium | — | 5.5 | — | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c. | |||
| CVE-2020-22033 | medium | — | 5.5 | — | A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. | |||
| CVE-2020-35474 | medium | — | 5.5 | — | In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that t… | |||
| CVE-2020-35628 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->… | |||
| CVE-2020-35982 | medium | — | 5.5 | — | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c. | |||
| CVE-2020-12460 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a spe… | |||
| CVE-2020-36230 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | |||
| CVE-2020-28632 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-16120 | medium | — | 5.5 | — | Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were al… | |||
| CVE-2020-22019 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. | |||
| CVE-2020-29573 | medium | — | 5.5 | — | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long … | |||
| CVE-2020-26557 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2020-26797 | medium | — | 5.5 | — | Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. | |||
| CVE-2020-18971 | medium | — | 5.5 | — | Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. | |||
| CVE-2020-29510 | medium | — | 5.5 | — | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave … | |||
| CVE-2020-27171 | medium | — | 5.5 | — | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic… | |||
| CVE-2020-28595 | medium | — | 5.5 | — | An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code ex… | |||
| CVE-2020-24119 | medium | — | 5.5 | — | A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. | |||
| CVE-2020-35132 | medium | — | 5.5 | — | An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. | |||
| CVE-2020-36221 | medium | — | 5.5 | — | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssu… | |||
| CVE-2020-28631 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-26682 | medium | — | 5.5 | — | In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. | |||
| CVE-2020-6097 | medium | — | 5.5 | — | An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() ca… | |||
| CVE-2020-28407 | medium | — | 5.5 | — | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | |||
| CVE-2020-26420 | medium | — | 5.5 | — | Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-35629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28628 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-36222 | medium | — | 5.5 | — | A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. | |||
| CVE-2020-15078 | medium | — | 5.5 | — | OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentia… | |||
| CVE-2020-11810 | medium | — | 5.5 | — | An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arri… | |||
| CVE-2020-35498 | medium | — | 5.5 | — | A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow i… | |||
| CVE-2020-28629 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-22015 | medium | — | 5.5 | — | Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Deni… | |||
| CVE-2020-28630 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28624 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28625 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28620 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28618 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28626 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28615 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-35766 | medium | — | 5.5 | — | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c… | |||
| CVE-2020-28613 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28619 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-21595 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file. | |||
| CVE-2020-28617 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28614 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28608 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28606 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28609 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-21596 | medium | — | 5.5 | — | libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. | |||
| CVE-2020-21594 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-21604 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file. | |||
| CVE-2020-21602 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-28604 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-35499 | medium | — | 5.5 | — | A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when usin… | |||
| CVE-2020-21600 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-18771 | medium | — | 5.5 | — | Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. | |||
| CVE-2020-35630 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-25594 | medium | — | 5.5 | — | information disclosure in vault | |||
| CVE-2020-28596 | medium | — | 5.5 | — | A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead … | |||
| CVE-2020-28928 | medium | — | 5.5 | — | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | |||
| CVE-2020-28627 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28636 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->… | |||
| CVE-2020-28633 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28634 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-28635 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-35631 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-35633 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() s… | |||
| CVE-2020-35634 | medium | — | 5.5 | — | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() s… | |||
| CVE-2020-25721 | medium | — | 5.5 | — | Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued ticket… | |||
| CVE-2020-21598 | medium | — | 5.5 | — | libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. | |||
| CVE-2020-28623 | medium | — | 5.5 | — | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu… | |||
| CVE-2020-20446 | medium | — | 5.5 | — | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. | |||
| CVE-2020-27830 | medium | — | 5.5 | — | A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr d… | |||
| CVE-2020-8694 | medium | — | 5.5 | — | Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||
| CVE-2020-26664 | medium | — | 5.5 | — | arbitrary code execution in vlc | |||
| CVE-2020-23109 | medium | — | 5.5 | — | Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a craf… | |||
| CVE-2020-26415 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2020-26416 | medium | — | 5.5 | — | information disclosure in gitlab | |||
| CVE-2020-7046 | medium | — | 5.5 | — | lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login in… | |||
| CVE-2020-28200 | medium | — | 5.5 | — | The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | |||
| CVE-2020-35738 | medium | — | 5.5 | — | WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" re… | |||
| CVE-2020-21601 | medium | — | 5.5 | — | libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file. | |||
| CVE-2020-35964 | medium | — | 5.5 | — | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | |||
| CVE-2020-37174 | medium | 5.5 | 5.5 | 24d ago | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design … | |||
| CVE-2020-37169 | medium | 5.5 | 5.5 | 24d ago | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u… | |||
| CVE-2020-36855 | medium | 5.5 | 5.5 | 8mo ago | A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stac… | |||
| CVE-2020-16156 | medium | — | 5.5 | 1y ago | RHSA-2025:8432: perl-CPAN security update (Moderate) | |||
| CVE-2020-13790 | medium | — | 5.5 | 1y ago | RHSA-2025:7540: libjpeg-turbo security update (Moderate) | |||
| CVE-2020-27792 | medium | — | 5.5 | 1y ago | RHSA-2025:4362: ghostscript security update (Moderate) | |||
| CVE-2020-10135 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |||
| CVE-2020-27827 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2020-26154 | medium | — | 5.5 | 2y ago | RHEA-2024:8852: libproxy bug fix and enhancement update (Moderate) | |||
| CVE-2020-25219 | medium | — | 5.5 | 2y ago | RHEA-2024:8852: libproxy bug fix and enhancement update (Moderate) |