VIR Vulnerability Intelligence Relay

CVEs from 2020

4,160 normalized CVEs published or assigned in this year.

Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-6484 high 8.0 multiple issues in chromium archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-6475 high 8.0 multiple issues in chromium archdebian
CVE-2020-6480 high 8.0 multiple issues in chromium archdebian
CVE-2020-6471 high 8.0 multiple issues in chromium archdebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-6476 high 8.0 multiple issues in chromium archdebian
CVE-2020-6444 high 8.0 multiple issues in chromium archdebian
CVE-2020-8835 high 8.0 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel … archsusedebian
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-6462 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6448 high 8.0 multiple issues in chromium archdebian
CVE-2020-6465 high 8.0 multiple issues in chromium archdebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-6461 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-6464 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6459 high 8.0 multiple issues in chromium archdebian
CVE-2020-6446 high 8.0 multiple issues in chromium archdebian
CVE-2020-6460 high 8.0 multiple issues in chromium archdebian
CVE-2020-6456 high 8.0 multiple issues in chromium archdebian
CVE-2020-6439 high 8.0 multiple issues in chromium archdebian
CVE-2020-6442 high 8.0 multiple issues in chromium archdebian
CVE-2020-28024 high 8.0 Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can … archdebian
CVE-2020-16033 high 8.0 multiple issues in chromium archdebian
CVE-2020-16034 high 8.0 multiple issues in chromium archdebian
CVE-2020-27187 high 8.0 An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … archdebian
CVE-2020-28021 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code executi… archdebian
CVE-2020-28022 high 8.0 Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. archdebian
CVE-2020-28012 high 8.0 Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. archdebian
CVE-2020-6576 high 8.0 multiple issues in chromium archdebian
CVE-2020-28007 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting crit… archdebian
CVE-2020-6495 high 8.0 multiple issues in chromium archdebian
CVE-2020-6505 high 8.0 Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2020-6494 high 8.0 multiple issues in chromium archdebian
CVE-2020-6473 high 8.0 multiple issues in chromium archdebian
CVE-2020-6466 high 8.0 multiple issues in chromium archdebian
CVE-2020-6454 high 8.0 multiple issues in chromium archdebian
CVE-2020-6451 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6426 high 8.0 multiple issues in chromium archdebian
CVE-2020-6514 high 8.0 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. archdebiansuse
CVE-2020-8616 high 8.0 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … debianarchsuse
CVE-2020-16041 high 8.0 multiple issues in chromium archdebian
CVE-2020-15962 high 8.0 multiple issues in chromium archdebian
CVE-2020-28015 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. archdebian
CVE-2020-35701 high 8.0 An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id paramete… archdebian
CVE-2020-24512 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-24511 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsuserockylinuxdebian
CVE-2020-28013 high 8.0 Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the i… archdebian
CVE-2020-25685 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only u… archdebiansuse
CVE-2020-15238 high 8.0 Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe… debianarch
CVE-2020-11008 high 8.0 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q… archsusedebian
CVE-2020-26976 high 8.0 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … archsusedebian
CVE-2020-15953 high 8.0 LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… archdebian
CVE-2020-16040 high 8.0 multiple issues in chromium archdebian
CVE-2020-16039 high 8.0 multiple issues in chromium archdebian
CVE-2020-15888 high 8.0 Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. archsusedebian
CVE-2020-25687 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a rem… archsusedebian
CVE-2020-25684 high 8.0 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pendin… archdebiansuse
CVE-2020-6443 high 8.0 multiple issues in chromium archdebian
CVE-2020-6441 high 8.0 multiple issues in chromium archdebian
CVE-2020-12407 high 8.0 Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the u… archsusedebian
CVE-2020-25829 high 8.0 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSS… archdebian
CVE-2020-26970 high 8.0 When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, … archdebian
CVE-2020-15675 high 8.0 When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. archsusedebian
CVE-2020-13871 high 8.0 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. archdebian
CVE-2020-14387 high 8.0 A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing… archdebian
CVE-2020-15166 high 8.0 In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con… archdebian
CVE-2020-25683 high 8.0 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who… archsusedebian
CVE-2020-9383 high 8.0 An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before a… archsusedebian
CVE-2020-26555 high 8.0 2y ago Important: kernel security, bug fix, and enhancement update archredhatrockylinuxsuse
CVE-2020-22219 high 8.0 3y ago Important: flac security update redhatsusedebian
CVE-2020-28367 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. archsusedebiangolang
CVE-2020-28366 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. archsusedebiangolang
CVE-2020-28915 high 8.0 4y ago A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. suserockylinuxdebian
CVE-2020-27838 high 8.0 4y ago Keycloak discloses information without authentication archjava
CVE-2020-7613 high 8.0 4y ago Clamscan vulnerable to command injection archnpm
CVE-2020-13974 high 8.0 4y ago An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th… suserockylinuxdebian
CVE-2020-27820 high 8.0 4y ago A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o… suserockylinuxdebian
CVE-2020-0404 high 8.0 4y ago In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e… suserockylinuxdebian
CVE-2020-4788 high 8.0 4y ago IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. suserockylinuxdebian
CVE-2020-10734 high 8.0 4y ago OIDC Logout redirect in keycloak archjava
CVE-2020-13692 high 8.0 4y ago Improper Restriction of XML External Entity Reference susedebianrockylinuxjava
CVE-2020-1717 high 8.0 4y ago Generation of Error Message Containing Sensitive Information in Keycloak archjava
CVE-2020-1725 high 8.0 4y ago Incorrect Authorization in keycloak archjava
CVE-2020-1714 high 8.0 4y ago Improper Input Validation in Keycloak archjava
CVE-2020-14359 high 8.0 4y ago Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers archgolang
CVE-2020-13935 high 8.0 4y ago Infinite Loop in Apache Tomcat archsusedebianjava
CVE-2020-13934 high 8.0 4y ago Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat archsusedebianjava
CVE-2020-8927 high 8.0 5y ago Important: .NET 5.0 security and bugfix update debianarchsuserockylinux+4
CVE-2020-25717 high 8.0 5y ago Important: samba security update archsuserockylinuxdebian
CVE-2020-36385 high 8.0 5y ago An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… suserockylinuxdebian
CVE-2020-14765 high 8.0 5y ago Important: mariadb:10.3 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-13675 high 8.0 5y ago Unrestricted Upload of File with Dangerous Type in Drupal core archphp
CVE-2020-13673 high 8.0 5y ago The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… archphp
CVE-2020-13677 high 8.0 5y ago Drupal core access bypass vulnerability archphp
CVE-2020-13676 high 8.0 5y ago Incorrect Authorization in Drupal core archphp
CVE-2020-13674 high 8.0 5y ago Cross-Site Request Forgery in Drupal core archphp