VIR Vulnerability Intelligence Relay

CVEs from 2020

4,634 normalized CVEs published or assigned in this year.

Total
4,634
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.2%
% with KEV
3.2%
% with exploit
3.2%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-35733 high 8.0 certificate verification bypass in erlang archdebian
CVE-2020-28023 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. archdebian
CVE-2020-3123 high 8.0 A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … archdebian
CVE-2020-28025 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might le… archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian
CVE-2020-28009 high 8.0 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation … archdebian
CVE-2020-28014 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. archdebian
CVE-2020-28017 high 8.0 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… archdebian
CVE-2020-28020 high 8.0 Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header… archdebian
CVE-2020-15965 high 8.0 multiple issues in chromium archdebian
CVE-2020-16015 high 8.0 multiple issues in chromium archdebian
CVE-2020-16029 high 8.0 multiple issues in chromium archdebian
CVE-2020-6423 high 8.0 multiple issues in chromium archdebian
CVE-2020-6434 high 8.0 multiple issues in chromium archdebian
CVE-2020-6455 high 8.0 multiple issues in chromium archdebian
CVE-2020-6458 high 8.0 multiple issues in chromium archdebian
CVE-2020-6444 high 8.0 multiple issues in chromium archdebian
CVE-2020-6507 high 8.0 Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6472 high 8.0 multiple issues in chromium archdebian
CVE-2020-28018 high 8.0 Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. archdebian
CVE-2020-15676 high 8.0 Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-16018 high 8.0 multiple issues in chromium archdebian
CVE-2020-6462 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-28012 high 8.0 Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. archdebian
CVE-2020-35114 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2020-26414 high 8.0 multiple issues in gitlab arch
CVE-2020-14302 high 8.0 multiple issues in keycloak arch
CVE-2020-16034 high 8.0 multiple issues in chromium archdebian
CVE-2020-35679 high 8.0 smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. archdebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian
CVE-2020-16027 high 8.0 multiple issues in chromium archdebian
CVE-2020-26164 high 8.0 In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a De… archdebian
CVE-2020-35113 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-28016 high 8.0 Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. archdebian
CVE-2020-6464 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-15963 high 8.0 multiple issues in chromium archdebian
CVE-2020-6459 high 8.0 multiple issues in chromium archdebian
CVE-2020-1716 high 8.0 Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update rockylinux
CVE-2020-26262 high 8.0 Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.… archdebian
CVE-2020-15964 high 8.0 multiple issues in chromium archdebian
CVE-2020-27187 high 8.0 An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … archdebian
CVE-2020-6460 high 8.0 multiple issues in chromium archdebian
CVE-2020-6456 high 8.0 multiple issues in chromium archdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-6439 high 8.0 multiple issues in chromium archdebian
CVE-2020-6579 high 8.0 multiple issues in chromium arch
CVE-2020-6461 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-6438 high 8.0 multiple issues in chromium archdebian
CVE-2020-25684 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… archdebiansuse
CVE-2020-6436 high 8.0 multiple issues in chromium archdebian
CVE-2020-6490 high 8.0 multiple issues in chromium archdebian
CVE-2020-6425 high 8.0 multiple issues in chromium archdebian
CVE-2020-16040 high 8.0 multiple issues in chromium archdebian
CVE-2020-24654 high 8.0 arbitrary filesystem access in ark debianarch
CVE-2020-6483 high 8.0 multiple issues in chromium archdebian
CVE-2020-6433 high 8.0 multiple issues in chromium archdebian
CVE-2020-35702 high 8.0 DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones … archdebian
CVE-2020-6432 high 8.0 multiple issues in chromium archdebian
CVE-2020-6481 high 8.0 multiple issues in chromium archdebian
CVE-2020-6431 high 8.0 multiple issues in chromium archdebian
CVE-2020-26976 high 8.0 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … archsusedebian
CVE-2020-6430 high 8.0 multiple issues in chromium archdebian
CVE-2020-6468 high 8.0 multiple issues in chromium archdebian
CVE-2020-6452 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-25685 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only u… archdebiansuse
CVE-2020-6428 high 8.0 multiple issues in chromium archdebian
CVE-2020-6573 high 8.0 multiple issues in chromium archdebian
CVE-2020-6407 high 8.0 multiple issues in chromium archdebian
CVE-2020-24512 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-6450 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6496 high 8.0 multiple issues in chromium archdebian
CVE-2020-6429 high 8.0 multiple issues in chromium archdebian
CVE-2020-15995 high 8.0 multiple issues in chromium archdebian
CVE-2020-6449 high 8.0 multiple issues in chromium archdebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-6427 high 8.0 multiple issues in chromium archdebian
CVE-2020-15962 high 8.0 multiple issues in chromium archdebian
CVE-2020-6422 high 8.0 multiple issues in chromium archdebian
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6424 high 8.0 multiple issues in chromium archdebian
CVE-2020-26979 high 8.0 When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the d… archsusedebian
CVE-2020-16016 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-8616 high 8.0 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … debianarchsuse
CVE-2020-35176 high 8.0 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… debianarch
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-16019 high 8.0 multiple issues in chromium archdebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-15960 high 8.0 multiple issues in chromium archdebian
CVE-2020-25683 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who… archsusedebian
CVE-2020-15166 high 8.0 In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con… archdebian
CVE-2020-14387 high 8.0 A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing… archdebian
CVE-2020-12398 high 8.0 If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent … archdebian
CVE-2020-28011 high 8.0 Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. archdebian
CVE-2020-13114 high 8.0 An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. archsusedebian