VIR Vulnerability Intelligence Relay

CVEs from 2020

4,156 normalized CVEs published or assigned in this year.

Total
4,156
critical
critical 193
high
high 470
medium
medium 674
low
low 57
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-6484 high 8.0 multiple issues in chromium archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-6475 high 8.0 multiple issues in chromium archdebian
CVE-2020-6480 high 8.0 multiple issues in chromium archdebian
CVE-2020-6471 high 8.0 multiple issues in chromium archdebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-6476 high 8.0 multiple issues in chromium archdebian
CVE-2020-6444 high 8.0 multiple issues in chromium archdebian
CVE-2020-6440 high 8.0 multiple issues in chromium archdebian
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-6462 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6448 high 8.0 multiple issues in chromium archdebian
CVE-2020-6465 high 8.0 multiple issues in chromium archdebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-6461 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-6464 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6459 high 8.0 multiple issues in chromium archdebian
CVE-2020-6446 high 8.0 multiple issues in chromium archdebian
CVE-2020-6460 high 8.0 multiple issues in chromium archdebian
CVE-2020-6456 high 8.0 multiple issues in chromium archdebian
CVE-2020-6439 high 8.0 multiple issues in chromium archdebian
CVE-2020-6442 high 8.0 multiple issues in chromium archdebian
CVE-2020-6438 high 8.0 multiple issues in chromium archdebian
CVE-2020-6436 high 8.0 multiple issues in chromium archdebian
CVE-2020-6425 high 8.0 multiple issues in chromium archdebian
CVE-2020-6435 high 8.0 multiple issues in chromium archdebian
CVE-2020-6433 high 8.0 multiple issues in chromium archdebian
CVE-2020-6432 high 8.0 multiple issues in chromium archdebian
CVE-2020-6431 high 8.0 multiple issues in chromium archdebian
CVE-2020-6430 high 8.0 multiple issues in chromium archdebian
CVE-2020-6452 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6428 high 8.0 multiple issues in chromium archdebian
CVE-2020-6407 high 8.0 multiple issues in chromium archdebian
CVE-2020-6450 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6429 high 8.0 multiple issues in chromium archdebian
CVE-2020-6422 high 8.0 multiple issues in chromium archdebian
CVE-2020-6449 high 8.0 multiple issues in chromium archdebian
CVE-2020-6427 high 8.0 multiple issues in chromium archdebian
CVE-2020-6424 high 8.0 multiple issues in chromium archdebian
CVE-2020-6505 high 8.0 Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2020-6466 high 8.0 multiple issues in chromium archdebian
CVE-2020-35733 high 8.0 certificate verification bypass in erlang archdebian
CVE-2020-15962 high 8.0 multiple issues in chromium archdebian
CVE-2020-6455 high 8.0 multiple issues in chromium archdebian
CVE-2020-6458 high 8.0 multiple issues in chromium archdebian
CVE-2020-16022 high 8.0 multiple issues in chromium archdebian
CVE-2020-26976 high 8.0 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … archsusedebian
CVE-2020-26971 high 8.0 Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefo… archsusedebian
CVE-2020-9383 high 8.0 An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before a… archsusedebian
CVE-2020-8835 high 8.0 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel … archsusedebian
CVE-2020-2732 high 8.0 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 gu… archsusedebian
CVE-2020-16119 high 8.0 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ub… archsusedebian
CVE-2020-14386 high 8.0 A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data conf… archsusedebian
CVE-2020-6579 high 8.0 multiple issues in chromium arch
CVE-2020-28016 high 8.0 Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. archdebian
CVE-2020-13398 high 8.0 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. archdebian
CVE-2020-25829 high 8.0 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… archdebian
CVE-2020-26979 high 8.0 When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the d… archsusedebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-6474 high 8.0 multiple issues in chromium archdebian
CVE-2020-16030 high 8.0 multiple issues in chromium archdebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-16040 high 8.0 multiple issues in chromium archdebian
CVE-2020-10760 high 8.0 A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. archsusedebian
CVE-2020-16038 high 8.0 multiple issues in chromium archdebian
CVE-2020-26164 high 8.0 In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a De… archdebian
CVE-2020-6472 high 8.0 multiple issues in chromium archdebian
CVE-2020-16021 high 8.0 multiple issues in chromium archdebian
CVE-2020-14302 high 8.0 multiple issues in keycloak arch
CVE-2020-16016 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-16020 high 8.0 multiple issues in chromium archdebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-25686 high 8.0 A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of … archdebiansuse
CVE-2020-35176 high 8.0 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… debianarch
CVE-2020-1971 high 8.0 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares d… archsusedebian
CVE-2020-8616 high 8.0 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … debianarchsuse
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-16012 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-25687 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a rem… archsusedebian
CVE-2020-4032 high 8.0 In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1… archsusedebian
CVE-2020-16031 high 8.0 multiple issues in chromium archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian
CVE-2020-12407 high 8.0 Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the u… archsusedebian
CVE-2020-16037 high 8.0 multiple issues in chromium archdebian
CVE-2020-15964 high 8.0 multiple issues in chromium archdebian
CVE-2020-27187 high 8.0 An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … archdebian
CVE-2020-16033 high 8.0 multiple issues in chromium archdebian
CVE-2020-15678 high 8.0 When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClipped… archsusedebian
CVE-2020-16035 high 8.0 multiple issues in chromium archdebian
CVE-2020-35702 high 8.0 DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones … archdebian
CVE-2020-15656 high 8.0 JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only … archsusedebian
CVE-2020-27780 high 8.0 A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of … archsusedebian
CVE-2020-26414 high 8.0 multiple issues in gitlab arch
CVE-2020-0556 high 8.0 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access debianarchsuse
CVE-2020-36329 high 8.0 A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and inte… suserockylinuxdebian