VIR Vulnerability Intelligence Relay

CVEs from 2020

4,160 normalized CVEs published or assigned in this year.

Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-35701 high 8.0 An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id paramete… archdebian
CVE-2020-26970 high 8.0 When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, … archdebian
CVE-2020-12663 high 8.0 Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. archsusedebian
CVE-2020-12662 high 8.0 Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. archsusedebian
CVE-2020-28018 high 8.0 Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. archdebian
CVE-2020-27780 high 8.0 A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of … archsusedebian
CVE-2020-15676 high 8.0 Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… archdebian
CVE-2020-6478 high 8.0 multiple issues in chromium archdebian
CVE-2020-16033 high 8.0 multiple issues in chromium archdebian
CVE-2020-25682 high 8.0 A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the n… archsusedebian
CVE-2020-8616 high 8.0 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … debianarchsuse
CVE-2020-10188 high 8.0 utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem … archsusedebian
CVE-2020-24513 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-24489 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-0549 high 8.0 Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsuserockylinuxdebian
CVE-2020-25683 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who… archsusedebian
CVE-2020-25681 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge… archsusedebian
CVE-2020-8169 high 8.0 curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). archdebiansuse
CVE-2020-4032 high 8.0 In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1… archsusedebian
CVE-2020-26262 high 8.0 Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.… archdebian
CVE-2020-14302 high 8.0 multiple issues in keycloak arch
CVE-2020-35702 high 8.0 DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones … archdebian
CVE-2020-15960 high 8.0 multiple issues in chromium archdebian
CVE-2020-6575 high 8.0 multiple issues in chromium archdebian
CVE-2020-6482 high 8.0 multiple issues in chromium archdebian
CVE-2020-6477 high 8.0 multiple issues in chromium archdebian
CVE-2020-15995 high 8.0 multiple issues in chromium archdebian
CVE-2020-16032 high 8.0 multiple issues in chromium archdebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-16028 high 8.0 multiple issues in chromium archdebian
CVE-2020-16026 high 8.0 multiple issues in chromium archdebian
CVE-2020-16035 high 8.0 multiple issues in chromium archdebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-16027 high 8.0 multiple issues in chromium archdebian
CVE-2020-16038 high 8.0 multiple issues in chromium archdebian
CVE-2020-16036 high 8.0 multiple issues in chromium archdebian
CVE-2020-16031 high 8.0 multiple issues in chromium archdebian
CVE-2020-16014 high 8.0 multiple issues in chromium archdebian
CVE-2020-16037 high 8.0 multiple issues in chromium archdebian
CVE-2020-16019 high 8.0 multiple issues in chromium archdebian
CVE-2020-16030 high 8.0 multiple issues in chromium archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian
CVE-2020-16024 high 8.0 multiple issues in chromium archdebian
CVE-2020-15656 high 8.0 JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only … archsusedebian
CVE-2020-16021 high 8.0 multiple issues in chromium archdebian
CVE-2020-16020 high 8.0 multiple issues in chromium archdebian
CVE-2020-16018 high 8.0 multiple issues in chromium archdebian
CVE-2020-16012 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-16016 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-15963 high 8.0 multiple issues in chromium archdebian
CVE-2020-15964 high 8.0 multiple issues in chromium archdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-6490 high 8.0 multiple issues in chromium archdebian
CVE-2020-6483 high 8.0 multiple issues in chromium archdebian
CVE-2020-6481 high 8.0 multiple issues in chromium archdebian
CVE-2020-6468 high 8.0 multiple issues in chromium archdebian
CVE-2020-6573 high 8.0 multiple issues in chromium archdebian
CVE-2020-6496 high 8.0 multiple issues in chromium archdebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-6488 high 8.0 multiple issues in chromium archdebian
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-6484 high 8.0 multiple issues in chromium archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-6475 high 8.0 multiple issues in chromium archdebian
CVE-2020-6480 high 8.0 multiple issues in chromium archdebian
CVE-2020-6471 high 8.0 multiple issues in chromium archdebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-6476 high 8.0 multiple issues in chromium archdebian
CVE-2020-6444 high 8.0 multiple issues in chromium archdebian
CVE-2020-6440 high 8.0 multiple issues in chromium archdebian
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-6462 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6448 high 8.0 multiple issues in chromium archdebian
CVE-2020-6465 high 8.0 multiple issues in chromium archdebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-6461 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-6464 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6459 high 8.0 multiple issues in chromium archdebian
CVE-2020-6446 high 8.0 multiple issues in chromium archdebian
CVE-2020-6460 high 8.0 multiple issues in chromium archdebian
CVE-2020-6456 high 8.0 multiple issues in chromium archdebian
CVE-2020-6439 high 8.0 multiple issues in chromium archdebian
CVE-2020-6442 high 8.0 multiple issues in chromium archdebian
CVE-2020-6438 high 8.0 multiple issues in chromium archdebian
CVE-2020-6436 high 8.0 multiple issues in chromium archdebian
CVE-2020-6425 high 8.0 multiple issues in chromium archdebian
CVE-2020-6435 high 8.0 multiple issues in chromium archdebian
CVE-2020-6433 high 8.0 multiple issues in chromium archdebian
CVE-2020-6432 high 8.0 multiple issues in chromium archdebian
CVE-2020-6431 high 8.0 multiple issues in chromium archdebian
CVE-2020-6430 high 8.0 multiple issues in chromium archdebian