VIR Vulnerability Intelligence Relay

CVEs from 2020

4,160 normalized CVEs published or assigned in this year.

Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-15659 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archsusedebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-15962 high 8.0 multiple issues in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-13114 high 8.0 An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. archsusedebian
CVE-2020-6456 high 8.0 multiple issues in chromium archdebian
CVE-2020-16119 high 8.0 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ub… archsusedebian
CVE-2020-12663 high 8.0 Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. archsusedebian
CVE-2020-6425 high 8.0 multiple issues in chromium archdebian
CVE-2020-25685 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only u… archdebiansuse
CVE-2020-24511 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsuserockylinuxdebian
CVE-2020-6428 high 8.0 multiple issues in chromium archdebian
CVE-2020-6407 high 8.0 multiple issues in chromium archdebian
CVE-2020-6429 high 8.0 multiple issues in chromium archdebian
CVE-2020-6449 high 8.0 multiple issues in chromium archdebian
CVE-2020-6576 high 8.0 multiple issues in chromium archdebian
CVE-2020-6444 high 8.0 multiple issues in chromium archdebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-15964 high 8.0 multiple issues in chromium archdebian
CVE-2020-6480 high 8.0 multiple issues in chromium archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-0543 high 8.0 Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsusedebianrockylinux
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-36329 high 8.0 A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and inte… suserockylinuxdebian
CVE-2020-16041 high 8.0 multiple issues in chromium archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6493 high 8.0 multiple issues in chromium archdebian
CVE-2020-15674 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2020-8169 high 8.0 curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). archdebiansuse
CVE-2020-6468 high 8.0 multiple issues in chromium archdebian
CVE-2020-6481 high 8.0 multiple issues in chromium archdebian
CVE-2020-6490 high 8.0 multiple issues in chromium archdebian
CVE-2020-15811 high 8.0 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… suserockylinuxdebian
CVE-2020-4032 high 8.0 In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1… archsusedebian
CVE-2020-28013 high 8.0 Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the i… archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian
CVE-2020-16016 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-15166 high 8.0 In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con… archdebian
CVE-2020-15810 high 8.0 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… suserockylinuxdebian
CVE-2020-28015 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. archdebian
CVE-2020-24512 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-16038 high 8.0 multiple issues in chromium archdebian
CVE-2020-16022 high 8.0 multiple issues in chromium archdebian
CVE-2020-5260 high 8.0 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store … archsusedebian
CVE-2020-12352 high 8.0 Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. archsusedebian
CVE-2020-16037 high 8.0 multiple issues in chromium archdebian
CVE-2020-16031 high 8.0 multiple issues in chromium archdebian
CVE-2020-26974 high 8.0 When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a poten… archsusedebian
CVE-2020-28012 high 8.0 Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. archdebian
CVE-2020-24490 high 8.0 Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. archsusedebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-12351 high 8.0 Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. archsusedebian
CVE-2020-16028 high 8.0 multiple issues in chromium archdebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-26976 high 8.0 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … archsusedebian
CVE-2020-35111 high 8.0 When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us… archsusedebian
CVE-2020-28926 high 8.0 ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug re… archdebian
CVE-2020-6477 high 8.0 multiple issues in chromium archdebian
CVE-2020-27187 high 8.0 An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … archdebian
CVE-2020-16032 high 8.0 multiple issues in chromium archdebian
CVE-2020-15995 high 8.0 multiple issues in chromium archdebian
CVE-2020-15960 high 8.0 multiple issues in chromium archdebian
CVE-2020-28019 high 8.0 Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a clien… archdebian
CVE-2020-6575 high 8.0 multiple issues in chromium archdebian
CVE-2020-15673 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2020-16030 high 8.0 multiple issues in chromium archdebian
CVE-2020-15675 high 8.0 When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. archsusedebian
CVE-2020-8616 high 8.0 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … debianarchsuse
CVE-2020-16040 high 8.0 multiple issues in chromium archdebian
CVE-2020-6482 high 8.0 multiple issues in chromium archdebian
CVE-2020-16014 high 8.0 multiple issues in chromium archdebian
CVE-2020-28026 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline … archdebian
CVE-2020-23171 high 8.0 multiple issues in nim arch
CVE-2020-15676 high 8.0 Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… archdebian
CVE-2020-11008 high 8.0 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q… archsusedebian
CVE-2020-8625 high 8.0 BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not … debianarchsuse
CVE-2020-12767 high 8.0 exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. archsusedebian
CVE-2020-25684 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… archdebiansuse
CVE-2020-24654 high 8.0 arbitrary filesystem access in ark debianarch
CVE-2020-4031 high 8.0 In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. archsusedebian
CVE-2020-16027 high 8.0 multiple issues in chromium archdebian
CVE-2020-15888 high 8.0 Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. archsusedebian
CVE-2020-15966 high 8.0 multiple issues in chromium archdebian
CVE-2020-15963 high 8.0 multiple issues in chromium archdebian
CVE-2020-14303 high 8.0 A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. archsusedebian
CVE-2020-13398 high 8.0 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. archdebian
CVE-2020-15961 high 8.0 multiple issues in chromium archdebian
CVE-2020-6467 high 8.0 multiple issues in chromium archdebian
CVE-2020-6483 high 8.0 multiple issues in chromium archdebian
CVE-2020-35680 high 8.0 smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of cl… archdebian
CVE-2020-16021 high 8.0 multiple issues in chromium archdebian
CVE-2020-6573 high 8.0 multiple issues in chromium archdebian
CVE-2020-6496 high 8.0 multiple issues in chromium archdebian
CVE-2020-25687 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a rem… archsusedebian
CVE-2020-16024 high 8.0 multiple issues in chromium archdebian
CVE-2020-10730 high 8.0 A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped wit… archsusedebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian