VIR Vulnerability Intelligence Relay

CVEs from 2020

4,354 normalized CVEs published or assigned in this year.

Total
4,354
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.4%
% with KEV
3.4%
% with exploit
3.4%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-11112 high 8.8 8.8 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing debianjavaoracle
CVE-2020-37221 high 8.4 8.4 15d ago Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc…
CVE-2020-37244 high 8.2 8.2 12d ago Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' p…
CVE-2020-37243 high 8.2 8.2 12d ago Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl acti…
CVE-2020-37242 high 8.2 8.2 12d ago Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parame…
CVE-2020-37218 high 8.2 8.2 15d ago Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
CVE-2020-37004 high 8.2 8.2 4mo ago The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attac…
CVE-2020-36183 high 8.1 8.1 6y ago Unsafe Deserialization in jackson-databind debianjavaoracle
CVE-2020-35728 high 8.1 8.1 6y ago Serialization gadget exploit in jackson-databind susedebianjavaoracle
CVE-2020-14060 high 8.1 8.1 6y ago Deserialization of untrusted data in Jackson Databind debianjavaoracle
CVE-2020-14062 high 8.1 8.1 6y ago Deserialization of untrusted data in Jackson Databind debianjavaoracle
CVE-2020-11619 high 8.1 8.1 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing debianjavaoracle
CVE-2020-16018 high 8.0 multiple issues in chromium archdebian
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-16024 high 8.0 multiple issues in chromium archdebian
CVE-2020-13904 high 8.0 FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_inp… archsusedebian
CVE-2020-6483 high 8.0 multiple issues in chromium archdebian
CVE-2020-6452 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian
CVE-2020-16030 high 8.0 multiple issues in chromium archdebian
CVE-2020-16012 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-6484 high 8.0 multiple issues in chromium archdebian
CVE-2020-6461 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6428 high 8.0 multiple issues in chromium archdebian
CVE-2020-35176 high 8.0 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… debianarch
CVE-2020-16031 high 8.0 multiple issues in chromium archdebian
CVE-2020-6476 high 8.0 multiple issues in chromium archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-16038 high 8.0 multiple issues in chromium archdebian
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-6465 high 8.0 multiple issues in chromium archdebian
CVE-2020-9383 high 8.0 An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before a… archsusedebian
CVE-2020-16037 high 8.0 multiple issues in chromium archdebian
CVE-2020-8835 high 8.0 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel … archsusedebian
CVE-2020-16027 high 8.0 multiple issues in chromium archdebian
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-6433 high 8.0 multiple issues in chromium archdebian
CVE-2020-6431 high 8.0 multiple issues in chromium archdebian
CVE-2020-26974 high 8.0 When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a poten… archsusedebian
CVE-2020-16026 high 8.0 multiple issues in chromium archdebian
CVE-2020-16035 high 8.0 multiple issues in chromium archdebian
CVE-2020-6432 high 8.0 multiple issues in chromium archdebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-6463 high 8.0 Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebiansuse
CVE-2020-6440 high 8.0 multiple issues in chromium archdebian
CVE-2020-16028 high 8.0 multiple issues in chromium archdebian
CVE-2020-6435 high 8.0 multiple issues in chromium archdebian
CVE-2020-6430 high 8.0 multiple issues in chromium archdebian
CVE-2020-6429 high 8.0 multiple issues in chromium archdebian
CVE-2020-6424 high 8.0 multiple issues in chromium archdebian
CVE-2020-6482 high 8.0 multiple issues in chromium archdebian
CVE-2020-6477 high 8.0 multiple issues in chromium archdebian
CVE-2020-6448 high 8.0 multiple issues in chromium archdebian
CVE-2020-15995 high 8.0 multiple issues in chromium archdebian
CVE-2020-8696 high 8.0 Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsusedebianrockylinux
CVE-2020-16032 high 8.0 multiple issues in chromium archdebian
CVE-2020-6407 high 8.0 multiple issues in chromium archdebian
CVE-2020-26978 high 8.0 Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerabi… archsusedebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-1971 high 8.0 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares d… archsusedebian
CVE-2020-35114 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-1716 high 8.0 Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update rockylinux
CVE-2020-24511 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsuserockylinuxdebian
CVE-2020-15811 high 8.0 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… suserockylinuxdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-28025 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might le… archdebian
CVE-2020-6438 high 8.0 multiple issues in chromium archdebian
CVE-2020-6422 high 8.0 multiple issues in chromium archdebian
CVE-2020-3123 high 8.0 A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … archdebian
CVE-2020-25686 high 8.0 A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of … archdebiansuse
CVE-2020-6480 high 8.0 multiple issues in chromium archdebian
CVE-2020-6442 high 8.0 multiple issues in chromium archdebian
CVE-2020-24513 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-15963 high 8.0 multiple issues in chromium archdebian
CVE-2020-16034 high 8.0 multiple issues in chromium archdebian
CVE-2020-10745 high 8.0 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server… archsusedebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-6427 high 8.0 multiple issues in chromium archdebian
CVE-2020-35702 high 8.0 DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones … archdebian
CVE-2020-6575 high 8.0 multiple issues in chromium archdebian
CVE-2020-15960 high 8.0 multiple issues in chromium archdebian
CVE-2020-1723 high 8.0 multiple issues in keycloak arch
CVE-2020-28026 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline … archdebian
CVE-2020-6474 high 8.0 multiple issues in chromium archdebian
CVE-2020-6449 high 8.0 multiple issues in chromium archdebian
CVE-2020-12410 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2020-6472 high 8.0 multiple issues in chromium archdebian
CVE-2020-15678 high 8.0 When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClipped… archsusedebian
CVE-2020-28019 high 8.0 Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a clien… archdebian
CVE-2020-0543 high 8.0 Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsusedebianrockylinux
CVE-2020-6420 high 8.0 access restriction bypass in chromium archdebian