VIR Vulnerability Intelligence Relay

CVEs from 2020

4,634 normalized CVEs published or assigned in this year.

Total
4,634
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.2%
% with KEV
3.2%
% with exploit
3.2%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-6452 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-6428 high 8.0 multiple issues in chromium archdebian
CVE-2020-15963 high 8.0 multiple issues in chromium archdebian
CVE-2020-6507 high 8.0 Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6407 high 8.0 multiple issues in chromium archdebian
CVE-2020-6450 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-15964 high 8.0 multiple issues in chromium archdebian
CVE-2020-6429 high 8.0 multiple issues in chromium archdebian
CVE-2020-24511 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsuserockylinuxdebian
CVE-2020-6449 high 8.0 multiple issues in chromium archdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-6427 high 8.0 multiple issues in chromium archdebian
CVE-2020-27187 high 8.0 An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … archdebian
CVE-2020-6422 high 8.0 multiple issues in chromium archdebian
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-6424 high 8.0 multiple issues in chromium archdebian
CVE-2020-16038 high 8.0 multiple issues in chromium archdebian
CVE-2020-26978 high 8.0 Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerabi… archsusedebian
CVE-2020-35176 high 8.0 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… debianarch
CVE-2020-15953 high 8.0 LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… archdebian
CVE-2020-12410 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2020-35701 high 8.0 An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id paramete… archdebian
CVE-2020-15995 high 8.0 multiple issues in chromium archdebian
CVE-2020-12767 high 8.0 exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. archsusedebian
CVE-2020-6481 high 8.0 multiple issues in chromium archdebian
CVE-2020-12398 high 8.0 If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent … archdebian
CVE-2020-16033 high 8.0 multiple issues in chromium archdebian
CVE-2020-35113 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2020-6468 high 8.0 multiple issues in chromium archdebian
CVE-2020-6505 high 8.0 Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2020-16032 high 8.0 multiple issues in chromium archdebian
CVE-2020-25684 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… archdebiansuse
CVE-2020-6573 high 8.0 multiple issues in chromium archdebian
CVE-2020-16039 high 8.0 multiple issues in chromium archdebian
CVE-2020-25687 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a rem… archsusedebian
CVE-2020-35679 high 8.0 smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. archdebian
CVE-2020-6496 high 8.0 multiple issues in chromium archdebian
CVE-2020-28018 high 8.0 Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. archdebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-15676 high 8.0 Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… archdebian
CVE-2020-0556 high 8.0 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access debianarchsuse
CVE-2020-15652 high 8.0 By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulne… archsusedebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-15677 high 8.0 By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open red… archsusedebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-25829 high 8.0 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… archdebian
CVE-2020-10730 high 8.0 A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped wit… archsusedebian
CVE-2020-6466 high 8.0 multiple issues in chromium archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-12411 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2020-15888 high 8.0 Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. archsusedebian
CVE-2020-10188 high 8.0 utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem … archsusedebian
CVE-2020-16026 high 8.0 multiple issues in chromium archdebian
CVE-2020-28024 high 8.0 Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can … archdebian
CVE-2020-10760 high 8.0 A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. archsusedebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-6488 high 8.0 multiple issues in chromium archdebian
CVE-2020-15238 high 8.0 Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe… debianarch
CVE-2020-12407 high 8.0 Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the u… archsusedebian
CVE-2020-26972 high 8.0 The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check w… archdebian
CVE-2020-6475 high 8.0 multiple issues in chromium archdebian
CVE-2020-16035 high 8.0 multiple issues in chromium archdebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-6579 high 8.0 multiple issues in chromium arch
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-23171 high 8.0 multiple issues in nim arch
CVE-2020-1723 high 8.0 multiple issues in keycloak arch
CVE-2020-10745 high 8.0 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server… archsusedebian
CVE-2020-6484 high 8.0 multiple issues in chromium archdebian
CVE-2020-24512 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-16027 high 8.0 multiple issues in chromium archdebian
CVE-2020-13871 high 8.0 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-28007 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting crit… archdebian
CVE-2020-11008 high 8.0 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q… archsusedebian
CVE-2020-15655 high 8.0 A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affe… archsusedebian
CVE-2020-28008 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… archdebian
CVE-2020-26555 high 8.0 2y ago Important: kernel security, bug fix, and enhancement update archredhatrockylinuxsuse
CVE-2020-22219 high 8.0 3y ago Important: flac security update redhatsusedebian
CVE-2020-28367 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. archsusedebiangolang
CVE-2020-28366 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. archsusedebiangolang
CVE-2020-28915 high 8.0 4y ago Important: kernel-rt security and bug fix update suserockylinuxdebian
CVE-2020-27838 high 8.0 4y ago Keycloak discloses information without authentication archjava
CVE-2020-7613 high 8.0 4y ago Clamscan vulnerable to command injection archnpm
CVE-2020-13974 high 8.0 4y ago Important: kernel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-0404 high 8.0 4y ago Important: kernel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-4788 high 8.0 4y ago Important: kernel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-27820 high 8.0 4y ago Important: kernel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-10734 high 8.0 4y ago OIDC Logout redirect in keycloak archjava
CVE-2020-13692 high 8.0 4y ago Improper Restriction of XML External Entity Reference susedebianrockylinuxjava
CVE-2020-1717 high 8.0 4y ago Generation of Error Message Containing Sensitive Information in Keycloak archjava
CVE-2020-1725 high 8.0 4y ago Incorrect Authorization in keycloak archjava
CVE-2020-1714 high 8.0 4y ago Improper Input Validation in Keycloak archjava
CVE-2020-14359 high 8.0 4y ago Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers archgolang
CVE-2020-13935 high 8.0 4y ago The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could t… archsusedebianjava
CVE-2020-13934 high 8.0 4y ago Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat archsusedebianjava
CVE-2020-8927 high 8.0 5y ago Important: .NET 5.0 security and bugfix update debianarchsuserockylinux+4
CVE-2020-25717 high 8.0 5y ago Important: samba security update archsuserockylinuxdebian