VIR Vulnerability Intelligence Relay

CVEs from 2020

4,160 normalized CVEs published or assigned in this year.

Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-6430 high 8.0 multiple issues in chromium archdebian
CVE-2020-6455 high 8.0 multiple issues in chromium archdebian
CVE-2020-6458 high 8.0 multiple issues in chromium archdebian
CVE-2020-6452 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6428 high 8.0 multiple issues in chromium archdebian
CVE-2020-26970 high 8.0 When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, … archdebian
CVE-2020-6407 high 8.0 multiple issues in chromium archdebian
CVE-2020-6507 high 8.0 Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6450 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6477 high 8.0 multiple issues in chromium archdebian
CVE-2020-27780 high 8.0 A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of … archsusedebian
CVE-2020-15964 high 8.0 multiple issues in chromium archdebian
CVE-2020-6449 high 8.0 multiple issues in chromium archdebian
CVE-2020-15658 high 8.0 The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file typ… archsusedebian
CVE-2020-36328 high 8.0 A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vuln… suserockylinuxdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-6422 high 8.0 multiple issues in chromium archdebian
CVE-2020-12663 high 8.0 Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. archsusedebian
CVE-2020-6424 high 8.0 multiple issues in chromium archdebian
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-8696 high 8.0 Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsusedebianrockylinux
CVE-2020-28012 high 8.0 Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. archdebian
CVE-2020-35176 high 8.0 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… debianarch
CVE-2020-15995 high 8.0 multiple issues in chromium archdebian
CVE-2020-6490 high 8.0 multiple issues in chromium archdebian
CVE-2020-24654 high 8.0 arbitrary filesystem access in ark debianarch
CVE-2020-6483 high 8.0 multiple issues in chromium archdebian
CVE-2020-16022 high 8.0 multiple issues in chromium archdebian
CVE-2020-15673 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2020-6505 high 8.0 Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2020-6481 high 8.0 multiple issues in chromium archdebian
CVE-2020-25829 high 8.0 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… archdebian
CVE-2020-16032 high 8.0 multiple issues in chromium archdebian
CVE-2020-13398 high 8.0 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. archdebian
CVE-2020-6468 high 8.0 multiple issues in chromium archdebian
CVE-2020-28016 high 8.0 Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. archdebian
CVE-2020-14302 high 8.0 multiple issues in keycloak arch
CVE-2020-26414 high 8.0 multiple issues in gitlab arch
CVE-2020-6573 high 8.0 multiple issues in chromium archdebian
CVE-2020-24490 high 8.0 Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. archsusedebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-15953 high 8.0 LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… archdebian
CVE-2020-6496 high 8.0 multiple issues in chromium archdebian
CVE-2020-12407 high 8.0 Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the u… archsusedebian
CVE-2020-15678 high 8.0 When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClipped… archsusedebian
CVE-2020-28018 high 8.0 Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. archdebian
CVE-2020-9383 high 8.0 An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before a… archsusedebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-16028 high 8.0 multiple issues in chromium archdebian
CVE-2020-8169 high 8.0 curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). archdebiansuse
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-25684 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… archdebiansuse
CVE-2020-6443 high 8.0 multiple issues in chromium archdebian
CVE-2020-6441 high 8.0 multiple issues in chromium archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-25685 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only u… archdebiansuse
CVE-2020-16026 high 8.0 multiple issues in chromium archdebian
CVE-2020-16119 high 8.0 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ub… archsusedebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-27187 high 8.0 An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … archdebian
CVE-2020-28015 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. archdebian
CVE-2020-6576 high 8.0 multiple issues in chromium archdebian
CVE-2020-6488 high 8.0 multiple issues in chromium archdebian
CVE-2020-16034 high 8.0 multiple issues in chromium archdebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-28021 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code executi… archdebian
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-28022 high 8.0 Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. archdebian
CVE-2020-16033 high 8.0 multiple issues in chromium archdebian
CVE-2020-4031 high 8.0 In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. archsusedebian
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-14386 high 8.0 A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data conf… archsusedebian
CVE-2020-28008 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… archdebian
CVE-2020-13904 high 8.0 FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_inp… archsusedebian
CVE-2020-2732 high 8.0 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 gu… archsusedebian
CVE-2020-6479 high 8.0 multiple issues in chromium archdebian
CVE-2020-6474 high 8.0 multiple issues in chromium archdebian
CVE-2020-6478 high 8.0 multiple issues in chromium archdebian
CVE-2020-26976 high 8.0 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … archsusedebian
CVE-2020-26555 high 8.0 2y ago Important: kernel security, bug fix, and enhancement update archredhatrockylinuxsuse
CVE-2020-22219 high 8.0 3y ago Important: flac security update redhatsusedebian
CVE-2020-28367 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. archsusedebiangolang
CVE-2020-28366 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. archsusedebiangolang
CVE-2020-28915 high 8.0 4y ago A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. suserockylinuxdebian
CVE-2020-27838 high 8.0 4y ago Keycloak discloses information without authentication archjava
CVE-2020-7613 high 8.0 4y ago Clamscan vulnerable to command injection archnpm
CVE-2020-0404 high 8.0 4y ago In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e… suserockylinuxdebian
CVE-2020-4788 high 8.0 4y ago IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. suserockylinuxdebian
CVE-2020-27820 high 8.0 4y ago A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o… suserockylinuxdebian
CVE-2020-13974 high 8.0 4y ago An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th… suserockylinuxdebian
CVE-2020-10734 high 8.0 4y ago OIDC Logout redirect in keycloak archjava
CVE-2020-13692 high 8.0 4y ago Improper Restriction of XML External Entity Reference susedebianrockylinuxjava
CVE-2020-1717 high 8.0 4y ago Generation of Error Message Containing Sensitive Information in Keycloak archjava
CVE-2020-1725 high 8.0 4y ago Incorrect Authorization in keycloak archjava
CVE-2020-1714 high 8.0 4y ago Improper Input Validation in Keycloak archjava
CVE-2020-14359 high 8.0 4y ago Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers archgolang
CVE-2020-13935 high 8.0 4y ago Infinite Loop in Apache Tomcat archsusedebianjava
CVE-2020-13934 high 8.0 4y ago Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat archsusedebianjava
CVE-2020-8927 high 8.0 5y ago Important: .NET 5.0 security and bugfix update debianarchsuserockylinux+4
CVE-2020-25717 high 8.0 5y ago Important: samba security update archsuserockylinuxdebian