VIR Vulnerability Intelligence Relay

CVEs from 2020

4,634 normalized CVEs published or assigned in this year.

Total
4,634
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.2%
% with KEV
3.2%
% with exploit
3.2%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-11112 high 8.8 8.8 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing debianjavaoracle
CVE-2020-37221 high 8.4 8.4 15d ago Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc…
CVE-2020-37244 high 8.2 8.2 12d ago Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' p…
CVE-2020-37243 high 8.2 8.2 12d ago Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl acti…
CVE-2020-37242 high 8.2 8.2 12d ago Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parame…
CVE-2020-37218 high 8.2 8.2 15d ago Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
CVE-2020-37004 high 8.2 8.2 4mo ago The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attac…
CVE-2020-36183 high 8.1 8.1 6y ago Unsafe Deserialization in jackson-databind debianjavaoracle
CVE-2020-35728 high 8.1 8.1 6y ago Serialization gadget exploit in jackson-databind susedebianjavaoracle
CVE-2020-14060 high 8.1 8.1 6y ago Deserialization of untrusted data in Jackson Databind debianjavaoracle
CVE-2020-14062 high 8.1 8.1 6y ago Deserialization of untrusted data in Jackson Databind debianjavaoracle
CVE-2020-11619 high 8.1 8.1 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing debianjavaoracle
CVE-2020-6462 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6514 high 8.0 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. archdebiansuse
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-15965 high 8.0 multiple issues in chromium archdebian
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-6440 high 8.0 multiple issues in chromium archdebian
CVE-2020-15962 high 8.0 multiple issues in chromium archdebian
CVE-2020-16041 high 8.0 multiple issues in chromium archdebian
CVE-2020-6476 high 8.0 multiple issues in chromium archdebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-15675 high 8.0 When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. archsusedebian
CVE-2020-6426 high 8.0 multiple issues in chromium archdebian
CVE-2020-28015 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. archdebian
CVE-2020-35701 high 8.0 An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id paramete… archdebian
CVE-2020-12663 high 8.0 Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. archsusedebian
CVE-2020-24512 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-6475 high 8.0 multiple issues in chromium archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-6505 high 8.0 Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2020-6484 high 8.0 multiple issues in chromium archdebian
CVE-2020-25685 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only u… archdebiansuse
CVE-2020-24511 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsuserockylinuxdebian
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-6480 high 8.0 multiple issues in chromium archdebian
CVE-2020-6471 high 8.0 multiple issues in chromium archdebian
CVE-2020-1716 high 8.0 Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update rockylinux
CVE-2020-6488 high 8.0 multiple issues in chromium archdebian
CVE-2020-28013 high 8.0 Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the i… archdebian
CVE-2020-28020 high 8.0 Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header… archdebian
CVE-2020-28017 high 8.0 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… archdebian
CVE-2020-28014 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. archdebian
CVE-2020-6444 high 8.0 multiple issues in chromium archdebian
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-6451 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-16022 high 8.0 multiple issues in chromium archdebian
CVE-2020-28009 high 8.0 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation … archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-15238 high 8.0 Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe… debianarch
CVE-2020-26970 high 8.0 When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, … archdebian
CVE-2020-6448 high 8.0 multiple issues in chromium archdebian
CVE-2020-16015 high 8.0 multiple issues in chromium archdebian
CVE-2020-26976 high 8.0 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … archsusedebian
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-6454 high 8.0 multiple issues in chromium archdebian
CVE-2020-6573 high 8.0 multiple issues in chromium archdebian
CVE-2020-6496 high 8.0 multiple issues in chromium archdebian
CVE-2020-28025 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might le… archdebian
CVE-2020-3123 high 8.0 A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … archdebian
CVE-2020-26971 high 8.0 Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefo… archsusedebian
CVE-2020-28023 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. archdebian
CVE-2020-6468 high 8.0 multiple issues in chromium archdebian
CVE-2020-6481 high 8.0 multiple issues in chromium archdebian
CVE-2020-11008 high 8.0 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q… archsusedebian
CVE-2020-6495 high 8.0 multiple issues in chromium archdebian
CVE-2020-15676 high 8.0 Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… archdebian
CVE-2020-6483 high 8.0 multiple issues in chromium archdebian
CVE-2020-6490 high 8.0 multiple issues in chromium archdebian
CVE-2020-15953 high 8.0 LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… archdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-24654 high 8.0 arbitrary filesystem access in ark debianarch
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-28007 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting crit… archdebian
CVE-2020-15166 high 8.0 In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con… archdebian
CVE-2020-15964 high 8.0 multiple issues in chromium archdebian
CVE-2020-25829 high 8.0 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… archdebian
CVE-2020-15963 high 8.0 multiple issues in chromium archdebian
CVE-2020-35733 high 8.0 certificate verification bypass in erlang archdebian
CVE-2020-28010 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). archdebian
CVE-2020-28011 high 8.0 Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. archdebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-16150 high 8.0 A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … archdebian
CVE-2020-16016 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-12398 high 8.0 If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent … archdebian
CVE-2020-2732 high 8.0 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 gu… archsusedebian
CVE-2020-28008 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… archdebian
CVE-2020-16012 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-16018 high 8.0 multiple issues in chromium archdebian
CVE-2020-26262 high 8.0 Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.… archdebian
CVE-2020-16020 high 8.0 multiple issues in chromium archdebian
CVE-2020-16021 high 8.0 multiple issues in chromium archdebian
CVE-2020-6494 high 8.0 multiple issues in chromium archdebian
CVE-2020-16040 high 8.0 multiple issues in chromium archdebian
CVE-2020-16024 high 8.0 multiple issues in chromium archdebian
CVE-2020-16030 high 8.0 multiple issues in chromium archdebian
CVE-2020-16039 high 8.0 multiple issues in chromium archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian