VIR Vulnerability Intelligence Relay

CVEs from 2020

4,160 normalized CVEs published or assigned in this year.

Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-1723 high 8.0 multiple issues in keycloak arch
CVE-2020-13777 high 8.0 GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version i… archsusedebian
CVE-2020-15659 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archsusedebian
CVE-2020-26976 high 8.0 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … archsusedebian
CVE-2020-8169 high 8.0 curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). archdebiansuse
CVE-2020-8835 high 8.0 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel … archsusedebian
CVE-2020-8616 high 8.0 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … debianarchsuse
CVE-2020-25684 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… archdebiansuse
CVE-2020-14387 high 8.0 A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing… archdebian
CVE-2020-6429 high 8.0 multiple issues in chromium archdebian
CVE-2020-6428 high 8.0 multiple issues in chromium archdebian
CVE-2020-28926 high 8.0 ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug re… archdebian
CVE-2020-9383 high 8.0 An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before a… archsusedebian
CVE-2020-28023 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. archdebian
CVE-2020-28017 high 8.0 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… archdebian
CVE-2020-6575 high 8.0 multiple issues in chromium archdebian
CVE-2020-13871 high 8.0 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. archdebian
CVE-2020-28007 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting crit… archdebian
CVE-2020-6431 high 8.0 multiple issues in chromium archdebian
CVE-2020-12409 high 8.0 When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. archsusedebian
CVE-2020-16032 high 8.0 multiple issues in chromium archdebian
CVE-2020-1716 high 8.0 Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update rockylinux
CVE-2020-15676 high 8.0 Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… archdebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-35733 high 8.0 certificate verification bypass in erlang archdebian
CVE-2020-6465 high 8.0 multiple issues in chromium archdebian
CVE-2020-16040 high 8.0 multiple issues in chromium archdebian
CVE-2020-16026 high 8.0 multiple issues in chromium archdebian
CVE-2020-6427 high 8.0 multiple issues in chromium archdebian
CVE-2020-28018 high 8.0 Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. archdebian
CVE-2020-6422 high 8.0 multiple issues in chromium archdebian
CVE-2020-28010 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). archdebian
CVE-2020-6459 high 8.0 multiple issues in chromium archdebian
CVE-2020-6424 high 8.0 multiple issues in chromium archdebian
CVE-2020-28025 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might le… archdebian
CVE-2020-28014 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. archdebian
CVE-2020-6432 high 8.0 multiple issues in chromium archdebian
CVE-2020-6460 high 8.0 multiple issues in chromium archdebian
CVE-2020-6435 high 8.0 multiple issues in chromium archdebian
CVE-2020-6433 high 8.0 multiple issues in chromium archdebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-16021 high 8.0 multiple issues in chromium archdebian
CVE-2020-6450 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6430 high 8.0 multiple issues in chromium archdebian
CVE-2020-16014 high 8.0 multiple issues in chromium archdebian
CVE-2020-6452 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian
CVE-2020-35176 high 8.0 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… debianarch
CVE-2020-16018 high 8.0 multiple issues in chromium archdebian
CVE-2020-16016 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6474 high 8.0 multiple issues in chromium archdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-6496 high 8.0 multiple issues in chromium archdebian
CVE-2020-24654 high 8.0 arbitrary filesystem access in ark debianarch
CVE-2020-8695 high 8.0 Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. susedebianrockylinux
CVE-2020-6446 high 8.0 multiple issues in chromium archdebian
CVE-2020-6448 high 8.0 multiple issues in chromium archdebian
CVE-2020-6475 high 8.0 multiple issues in chromium archdebian
CVE-2020-6476 high 8.0 multiple issues in chromium archdebian
CVE-2020-6464 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-8698 high 8.0 Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsuserockylinuxdebian
CVE-2020-6440 high 8.0 multiple issues in chromium archdebian
CVE-2020-6439 high 8.0 multiple issues in chromium archdebian
CVE-2020-6420 high 8.0 access restriction bypass in chromium archdebian
CVE-2020-6462 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-16150 high 8.0 A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … archdebian
CVE-2020-28011 high 8.0 Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. archdebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-6449 high 8.0 multiple issues in chromium archdebian
CVE-2020-15653 high 8.0 An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed po… archsusedebian
CVE-2020-0556 high 8.0 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access debianarchsuse
CVE-2020-6436 high 8.0 multiple issues in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-6456 high 8.0 multiple issues in chromium archdebian
CVE-2020-3123 high 8.0 A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … archdebian
CVE-2020-6444 high 8.0 multiple issues in chromium archdebian
CVE-2020-6477 high 8.0 multiple issues in chromium archdebian
CVE-2020-4031 high 8.0 In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. archsusedebian
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-6482 high 8.0 multiple issues in chromium archdebian
CVE-2020-35111 high 8.0 When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us… archsusedebian
CVE-2020-6425 high 8.0 multiple issues in chromium archdebian
CVE-2020-15960 high 8.0 multiple issues in chromium archdebian
CVE-2020-13112 high 8.0 An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. archsusedebian
CVE-2020-16036 high 8.0 multiple issues in chromium archdebian
CVE-2020-16028 high 8.0 multiple issues in chromium archdebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-16038 high 8.0 multiple issues in chromium archdebian
CVE-2020-16035 high 8.0 multiple issues in chromium archdebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-16027 high 8.0 multiple issues in chromium archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian