VIR Vulnerability Intelligence Relay

CVEs from 2020

4,160 normalized CVEs published or assigned in this year.

Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-8616 high 8.0 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … debianarchsuse
CVE-2020-6481 high 8.0 multiple issues in chromium archdebian
CVE-2020-25683 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who… archsusedebian
CVE-2020-6462 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-6465 high 8.0 multiple issues in chromium archdebian
CVE-2020-14303 high 8.0 A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. archsusedebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-8169 high 8.0 curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). archdebiansuse
CVE-2020-25681 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge… archsusedebian
CVE-2020-23171 high 8.0 multiple issues in nim arch
CVE-2020-25686 high 8.0 A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of … archdebiansuse
CVE-2020-6475 high 8.0 multiple issues in chromium archdebian
CVE-2020-8696 high 8.0 Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsusedebianrockylinux
CVE-2020-0549 high 8.0 Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsuserockylinuxdebian
CVE-2020-4031 high 8.0 In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. archsusedebian
CVE-2020-6477 high 8.0 multiple issues in chromium archdebian
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-15655 high 8.0 A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affe… archsusedebian
CVE-2020-16034 high 8.0 multiple issues in chromium archdebian
CVE-2020-16023 high 8.0 multiple issues in chromium archdebian
CVE-2020-6482 high 8.0 multiple issues in chromium archdebian
CVE-2020-6472 high 8.0 multiple issues in chromium archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-15658 high 8.0 The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file typ… archsusedebian
CVE-2020-15810 high 8.0 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… suserockylinuxdebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-15965 high 8.0 multiple issues in chromium archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-13904 high 8.0 FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_inp… archsusedebian
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-6471 high 8.0 multiple issues in chromium archdebian
CVE-2020-15653 high 8.0 An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed po… archsusedebian
CVE-2020-28018 high 8.0 Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian
CVE-2020-28023 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. archdebian
CVE-2020-8835 high 8.0 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel … archsusedebian
CVE-2020-15674 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2020-28014 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. archdebian
CVE-2020-6575 high 8.0 multiple issues in chromium archdebian
CVE-2020-28017 high 8.0 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… archdebian
CVE-2020-35176 high 8.0 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… debianarch
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-5260 high 8.0 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store … archsusedebian
CVE-2020-10760 high 8.0 A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. archsusedebian
CVE-2020-6490 high 8.0 multiple issues in chromium archdebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-6459 high 8.0 multiple issues in chromium archdebian
CVE-2020-16020 high 8.0 multiple issues in chromium archdebian
CVE-2020-6460 high 8.0 multiple issues in chromium archdebian
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-15677 high 8.0 By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open red… archsusedebian
CVE-2020-6442 high 8.0 multiple issues in chromium archdebian
CVE-2020-6438 high 8.0 multiple issues in chromium archdebian
CVE-2020-6436 high 8.0 multiple issues in chromium archdebian
CVE-2020-6425 high 8.0 multiple issues in chromium archdebian
CVE-2020-6435 high 8.0 multiple issues in chromium archdebian
CVE-2020-6433 high 8.0 multiple issues in chromium archdebian
CVE-2020-6432 high 8.0 multiple issues in chromium archdebian
CVE-2020-6431 high 8.0 multiple issues in chromium archdebian
CVE-2020-6430 high 8.0 multiple issues in chromium archdebian
CVE-2020-6452 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6428 high 8.0 multiple issues in chromium archdebian
CVE-2020-16024 high 8.0 multiple issues in chromium archdebian
CVE-2020-6439 high 8.0 multiple issues in chromium archdebian
CVE-2020-6424 high 8.0 multiple issues in chromium archdebian
CVE-2020-6427 high 8.0 multiple issues in chromium archdebian
CVE-2020-6449 high 8.0 multiple issues in chromium archdebian
CVE-2020-10957 high 8.0 In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. archsusedebian
CVE-2020-6422 high 8.0 multiple issues in chromium archdebian
CVE-2020-15685 high 8.0 During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. archsusedebian
CVE-2020-6429 high 8.0 multiple issues in chromium archdebian
CVE-2020-12408 high 8.0 When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. archsusedebian
CVE-2020-28007 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting crit… archdebian
CVE-2020-6494 high 8.0 multiple issues in chromium archdebian
CVE-2020-6454 high 8.0 multiple issues in chromium archdebian
CVE-2020-6451 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6426 high 8.0 multiple issues in chromium archdebian
CVE-2020-15889 high 8.0 Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. archdebian
CVE-2020-6450 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6407 high 8.0 multiple issues in chromium archdebian
CVE-2020-15995 high 8.0 multiple issues in chromium archdebian
CVE-2020-16032 high 8.0 multiple issues in chromium archdebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-16028 high 8.0 multiple issues in chromium archdebian
CVE-2020-16026 high 8.0 multiple issues in chromium archdebian
CVE-2020-16035 high 8.0 multiple issues in chromium archdebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-16027 high 8.0 multiple issues in chromium archdebian
CVE-2020-16038 high 8.0 multiple issues in chromium archdebian
CVE-2020-16036 high 8.0 multiple issues in chromium archdebian
CVE-2020-16031 high 8.0 multiple issues in chromium archdebian
CVE-2020-16014 high 8.0 multiple issues in chromium archdebian
CVE-2020-16037 high 8.0 multiple issues in chromium archdebian
CVE-2020-16019 high 8.0 multiple issues in chromium archdebian
CVE-2020-16030 high 8.0 multiple issues in chromium archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian
CVE-2020-6456 high 8.0 multiple issues in chromium archdebian
CVE-2020-1723 high 8.0 multiple issues in keycloak arch