VIR Vulnerability Intelligence Relay

CVEs from 2020

4,160 normalized CVEs published or assigned in this year.

Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-36385 high 8.0 5y ago An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… suserockylinuxdebian
CVE-2020-14765 high 8.0 5y ago Important: mariadb:10.3 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-13675 high 8.0 5y ago Unrestricted Upload of File with Dangerous Type in Drupal core archphp
CVE-2020-13673 high 8.0 5y ago The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… archphp
CVE-2020-13677 high 8.0 5y ago Drupal core access bypass vulnerability archphp
CVE-2020-13676 high 8.0 5y ago Incorrect Authorization in Drupal core archphp
CVE-2020-13674 high 8.0 5y ago Cross-Site Request Forgery in Drupal core archphp
CVE-2020-26265 high 8.0 5y ago Consensus flaw in github.com/ethereum/go-ethereum archgolang
CVE-2020-26541 high 8.0 5y ago The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. archsuserockylinuxdebian
CVE-2020-15257 high 8.0 5y ago containerd-shim API Exposed to Host Network Containers in github.com/containerd/containerd archdebiansusegolang
CVE-2020-10696 high 8.0 5y ago Important: container-tools:2.0 security update susedebianrockylinuxgolang
CVE-2020-25097 high 8.0 5y ago Important: squid:4 security update suserockylinuxdebian
CVE-2020-25284 high 8.0 5y ago The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map … susedebian
CVE-2020-24394 high 8.0 5y ago In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs be… susedebian
CVE-2020-36322 high 8.0 5y ago An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a … susedebianalmalinux
CVE-2020-25704 high 8.0 5y ago A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denia… archsusedebianalmalinux
CVE-2020-27835 high 8.0 5y ago A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash… archsusedebianalmalinux
CVE-2020-25212 high 8.0 5y ago A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf… susedebian
CVE-2020-25643 high 8.0 5y ago A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function wh… susedebian
CVE-2020-27786 high 8.0 5y ago A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.… susedebianalmalinux
CVE-2020-35508 high 8.0 5y ago A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local… susedebianalmalinux
CVE-2020-28974 high 8.0 5y ago A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs … archsusedebianalmalinux
CVE-2020-25285 high 8.0 5y ago A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly hav… susedebian
CVE-2020-12464 high 8.0 5y ago usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. susedebian
CVE-2020-12114 high 8.0 5y ago A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to … susedebian
CVE-2020-0431 high 8.0 5y ago In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U… susedebian
CVE-2020-12362 high 8.0 5y ago Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a… susedebianrockylinux
CVE-2020-15437 high 8.0 5y ago The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service… susedebian
CVE-2020-11608 high 8.0 5y ago An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin… susedebian
CVE-2020-14314 high 8.0 5y ago A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to… susedebian
CVE-2020-14356 high 8.0 5y ago A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or e… susedebian
CVE-2020-12364 high 8.0 5y ago Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a den… susedebianrockylinux
CVE-2020-12363 high 8.0 5y ago Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial o… susedebianrockylinux
CVE-2020-28052 high 8.0 5y ago Logic error in Legion of the Bouncy Castle BC Java archdebianjava
CVE-2020-28468 high 8.0 5y ago This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code ex… archpython
CVE-2020-28362 high 8.0 5y ago Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. archsusedebiangolang
CVE-2020-0466 high 8.0 5y ago In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privilege… susedebian
CVE-2020-27152 high 8.0 5y ago An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge trigg… susedebian
CVE-2020-28374 high 8.0 5y ago In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via direct… archsusedebian
CVE-2020-35517 high 8.0 5y ago Important: virt:rhel and virt-devel:rhel security update rockylinuxdebian
CVE-2020-14351 high 8.0 5y ago A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly esca… susedebian
CVE-2020-25705 high 8.0 5y ago A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Soft… susedebian
CVE-2020-29661 high 8.0 5y ago A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. archsusedebian
CVE-2020-17525 high 8.0 5y ago Important: subversion:1.10 security update archsuserockylinuxdebian
CVE-2020-1720 high 8.0 6y ago Important: postgresql:12 security update suserockylinux
CVE-2020-25695 high 8.0 6y ago Important: postgresql:12 security update archsuserockylinuxdebian
CVE-2020-14350 high 8.0 6y ago Important: postgresql:12 security update suserockylinux
CVE-2020-25694 high 8.0 6y ago Important: postgresql:12 security update archsuserockylinuxdebian
CVE-2020-14349 high 8.0 6y ago Important: postgresql:12 security update suserockylinux
CVE-2020-25696 high 8.0 6y ago Important: postgresql:12 security update archsuserockylinuxdebian
CVE-2020-13249 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update suserockylinux
CVE-2020-15180 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-0452 high 8.0 6y ago Important: libexif security update archsusedebianrockylinux
CVE-2020-17521 high 8.0 6y ago Information Disclosure in Apache Groovy archsusedebianjava
CVE-2020-26890 high 8.0 6y ago Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service atta… archdebianpython
CVE-2020-26891 high 8.0 6y ago AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Syn… archdebianpython
CVE-2020-6506 high 8.0 6y ago Android WebView Universal Cross-site Scripting archdebiannpm
CVE-2020-36327 high 8.0 6y ago Important: ruby:2.5 security update archsuserockylinuxdebian+1
CVE-2020-14364 high 8.0 6y ago Important: virt:rhel security update suserockylinuxdebian
CVE-2020-14597 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2760 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update rockylinuxalmalinux
CVE-2020-14633 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14634 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14641 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2780 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update rockylinuxalmalinux
CVE-2020-2926 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2660 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2930 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2580 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14654 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14663 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14680 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14624 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14614 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2570 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2679 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14725 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14567 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2779 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2904 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2893 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2573 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14619 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2812 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update rockylinuxalmalinux
CVE-2020-14547 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2903 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2892 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2898 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14632 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2763 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14568 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2925 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2814 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update rockylinuxalmalinux
CVE-2020-14799 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxdebianalmalinux
CVE-2020-2853 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2921 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14620 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14539 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14651 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2897 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux