VIR Vulnerability Intelligence Relay

CVEs from 2020

4,156 normalized CVEs published or assigned in this year.

Total
4,156
critical
critical 193
high
high 470
medium
medium 674
low
low 57
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-11112 high 8.8 8.8 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing debianjavaoracle
CVE-2020-37221 high 8.4 8.4 15d ago Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc…
CVE-2020-37244 high 8.2 8.2 12d ago Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' p…
CVE-2020-37243 high 8.2 8.2 12d ago Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl acti…
CVE-2020-37242 high 8.2 8.2 12d ago Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parame…
CVE-2020-37218 high 8.2 8.2 15d ago Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
CVE-2020-37004 high 8.2 8.2 4mo ago The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attac…
CVE-2020-36183 high 8.1 8.1 6y ago Unsafe Deserialization in jackson-databind debianjavaoracle
CVE-2020-35728 high 8.1 8.1 6y ago Serialization gadget exploit in jackson-databind susedebianjavaoracle
CVE-2020-14060 high 8.1 8.1 6y ago Deserialization of untrusted data in Jackson Databind debianjavaoracle
CVE-2020-14062 high 8.1 8.1 6y ago Deserialization of untrusted data in Jackson Databind debianjavaoracle
CVE-2020-11619 high 8.1 8.1 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing debianjavaoracle
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-6476 high 8.0 multiple issues in chromium archdebian
CVE-2020-6444 high 8.0 multiple issues in chromium archdebian
CVE-2020-6440 high 8.0 multiple issues in chromium archdebian
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-28013 high 8.0 Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the i… archdebian
CVE-2020-6462 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6448 high 8.0 multiple issues in chromium archdebian
CVE-2020-6465 high 8.0 multiple issues in chromium archdebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-6461 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-6464 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6459 high 8.0 multiple issues in chromium archdebian
CVE-2020-6446 high 8.0 multiple issues in chromium archdebian
CVE-2020-6460 high 8.0 multiple issues in chromium archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-13112 high 8.0 An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. archsusedebian
CVE-2020-14303 high 8.0 A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. archsusedebian
CVE-2020-15674 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2020-15811 high 8.0 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… suserockylinuxdebian
CVE-2020-10188 high 8.0 utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem … archsusedebian
CVE-2020-12409 high 8.0 When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. archsusedebian
CVE-2020-8177 high 8.0 curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. archdebiansuse
CVE-2020-25686 high 8.0 A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of … archdebiansuse
CVE-2020-12406 high 8.0 Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary cod… archsusedebian
CVE-2020-0093 high 8.0 In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privile… archsusedebian
CVE-2020-23171 high 8.0 multiple issues in nim arch
CVE-2020-15654 high 8.0 When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived brok… archsusedebian
CVE-2020-1716 high 8.0 Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update rockylinux
CVE-2020-35680 high 8.0 smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of cl… archdebian
CVE-2020-15889 high 8.0 Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. archdebian
CVE-2020-28024 high 8.0 Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can … archdebian
CVE-2020-15995 high 8.0 multiple issues in chromium archdebian
CVE-2020-16032 high 8.0 multiple issues in chromium archdebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-16028 high 8.0 multiple issues in chromium archdebian
CVE-2020-16026 high 8.0 multiple issues in chromium archdebian
CVE-2020-16035 high 8.0 multiple issues in chromium archdebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-16027 high 8.0 multiple issues in chromium archdebian
CVE-2020-16038 high 8.0 multiple issues in chromium archdebian
CVE-2020-16036 high 8.0 multiple issues in chromium archdebian
CVE-2020-16031 high 8.0 multiple issues in chromium archdebian
CVE-2020-16014 high 8.0 multiple issues in chromium archdebian
CVE-2020-16037 high 8.0 multiple issues in chromium archdebian
CVE-2020-16019 high 8.0 multiple issues in chromium archdebian
CVE-2020-16030 high 8.0 multiple issues in chromium archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian
CVE-2020-16024 high 8.0 multiple issues in chromium archdebian
CVE-2020-16021 high 8.0 multiple issues in chromium archdebian
CVE-2020-16020 high 8.0 multiple issues in chromium archdebian
CVE-2020-16018 high 8.0 multiple issues in chromium archdebian
CVE-2020-16012 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-16016 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-15963 high 8.0 multiple issues in chromium archdebian
CVE-2020-15964 high 8.0 multiple issues in chromium archdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-6490 high 8.0 multiple issues in chromium archdebian
CVE-2020-6483 high 8.0 multiple issues in chromium archdebian
CVE-2020-6481 high 8.0 multiple issues in chromium archdebian
CVE-2020-6468 high 8.0 multiple issues in chromium archdebian
CVE-2020-6573 high 8.0 multiple issues in chromium archdebian
CVE-2020-6496 high 8.0 multiple issues in chromium archdebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-6488 high 8.0 multiple issues in chromium archdebian
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-6484 high 8.0 multiple issues in chromium archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-6475 high 8.0 multiple issues in chromium archdebian
CVE-2020-6480 high 8.0 multiple issues in chromium archdebian
CVE-2020-6471 high 8.0 multiple issues in chromium archdebian
CVE-2020-15953 high 8.0 LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… archdebian
CVE-2020-26971 high 8.0 Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefo… archsusedebian
CVE-2020-26976 high 8.0 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … archsusedebian
CVE-2020-16022 high 8.0 multiple issues in chromium archdebian
CVE-2020-8625 high 8.0 BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not … debianarchsuse
CVE-2020-11008 high 8.0 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q… archsusedebian
CVE-2020-25685 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only u… archdebiansuse
CVE-2020-28021 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code executi… archdebian
CVE-2020-15676 high 8.0 Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… archdebian