VIR Vulnerability Intelligence Relay

CVEs from 2020

4,354 normalized CVEs published or assigned in this year.

Total
4,354
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.4%
% with KEV
3.4%
% with exploit
3.4%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-15655 high 8.0 A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affe… archsusedebian
CVE-2020-6420 high 8.0 access restriction bypass in chromium archdebian
CVE-2020-16018 high 8.0 multiple issues in chromium archdebian
CVE-2020-16020 high 8.0 multiple issues in chromium archdebian
CVE-2020-16021 high 8.0 multiple issues in chromium archdebian
CVE-2020-16024 high 8.0 multiple issues in chromium archdebian
CVE-2020-35114 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2020-16025 high 8.0 multiple issues in chromium archdebian
CVE-2020-16030 high 8.0 multiple issues in chromium archdebian
CVE-2020-0543 high 8.0 Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsusedebianrockylinux
CVE-2020-16019 high 8.0 multiple issues in chromium archdebian
CVE-2020-16037 high 8.0 multiple issues in chromium archdebian
CVE-2020-16014 high 8.0 multiple issues in chromium archdebian
CVE-2020-16031 high 8.0 multiple issues in chromium archdebian
CVE-2020-26976 high 8.0 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe … archsusedebian
CVE-2020-6426 high 8.0 multiple issues in chromium archdebian
CVE-2020-16022 high 8.0 multiple issues in chromium archdebian
CVE-2020-6514 high 8.0 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. archdebiansuse
CVE-2020-16041 high 8.0 multiple issues in chromium archdebian
CVE-2020-15962 high 8.0 multiple issues in chromium archdebian
CVE-2020-12663 high 8.0 Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. archsusedebian
CVE-2020-6465 high 8.0 multiple issues in chromium archdebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-6461 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-24490 high 8.0 Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. archsusedebian
CVE-2020-6464 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6459 high 8.0 multiple issues in chromium archdebian
CVE-2020-6446 high 8.0 multiple issues in chromium archdebian
CVE-2020-6476 high 8.0 multiple issues in chromium archdebian
CVE-2020-6460 high 8.0 multiple issues in chromium archdebian
CVE-2020-16119 high 8.0 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ub… archsusedebian
CVE-2020-6440 high 8.0 multiple issues in chromium archdebian
CVE-2020-6456 high 8.0 multiple issues in chromium archdebian
CVE-2020-2732 high 8.0 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 gu… archsusedebian
CVE-2020-6439 high 8.0 multiple issues in chromium archdebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-6442 high 8.0 multiple issues in chromium archdebian
CVE-2020-6438 high 8.0 multiple issues in chromium archdebian
CVE-2020-6436 high 8.0 multiple issues in chromium archdebian
CVE-2020-6444 high 8.0 multiple issues in chromium archdebian
CVE-2020-6425 high 8.0 multiple issues in chromium archdebian
CVE-2020-6435 high 8.0 multiple issues in chromium archdebian
CVE-2020-6471 high 8.0 multiple issues in chromium archdebian
CVE-2020-6433 high 8.0 multiple issues in chromium archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-6432 high 8.0 multiple issues in chromium archdebian
CVE-2020-6431 high 8.0 multiple issues in chromium archdebian
CVE-2020-6430 high 8.0 multiple issues in chromium archdebian
CVE-2020-6452 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6428 high 8.0 multiple issues in chromium archdebian
CVE-2020-6407 high 8.0 multiple issues in chromium archdebian
CVE-2020-6450 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-16035 high 8.0 multiple issues in chromium archdebian
CVE-2020-16026 high 8.0 multiple issues in chromium archdebian
CVE-2020-16028 high 8.0 multiple issues in chromium archdebian
CVE-2020-35680 high 8.0 smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of cl… archdebian
CVE-2020-16043 high 8.0 multiple issues in chromium archdebian
CVE-2020-16032 high 8.0 multiple issues in chromium archdebian
CVE-2020-15995 high 8.0 multiple issues in chromium archdebian
CVE-2020-35113 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2020-16034 high 8.0 multiple issues in chromium archdebian
CVE-2020-15953 high 8.0 LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… archdebian
CVE-2020-26971 high 8.0 Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefo… archsusedebian
CVE-2020-16036 high 8.0 multiple issues in chromium archdebian
CVE-2020-16038 high 8.0 multiple issues in chromium archdebian
CVE-2020-16027 high 8.0 multiple issues in chromium archdebian
CVE-2020-15654 high 8.0 When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived brok… archsusedebian
CVE-2020-10730 high 8.0 A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped wit… archsusedebian
CVE-2020-16042 high 8.0 multiple issues in chromium archdebiansuse
CVE-2020-26555 high 8.0 2y ago Important: kernel security, bug fix, and enhancement update archredhatrockylinuxsuse
CVE-2020-22219 high 8.0 3y ago Important: flac security update redhatsusedebian
CVE-2020-28367 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. archsusedebiangolang
CVE-2020-28366 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. archsusedebiangolang
CVE-2020-28915 high 8.0 4y ago A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. suserockylinuxdebian
CVE-2020-27838 high 8.0 4y ago Keycloak discloses information without authentication archjava
CVE-2020-7613 high 8.0 4y ago Clamscan vulnerable to command injection archnpm
CVE-2020-13974 high 8.0 4y ago An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th… suserockylinuxdebian
CVE-2020-27820 high 8.0 4y ago A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o… suserockylinuxdebian
CVE-2020-4788 high 8.0 4y ago IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. suserockylinuxdebian
CVE-2020-0404 high 8.0 4y ago In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e… suserockylinuxdebian
CVE-2020-10734 high 8.0 4y ago OIDC Logout redirect in keycloak archjava
CVE-2020-13692 high 8.0 4y ago Improper Restriction of XML External Entity Reference susedebianrockylinuxjava
CVE-2020-1717 high 8.0 4y ago Generation of Error Message Containing Sensitive Information in Keycloak archjava
CVE-2020-1725 high 8.0 4y ago Incorrect Authorization in keycloak archjava
CVE-2020-1714 high 8.0 4y ago Improper Input Validation in Keycloak archjava
CVE-2020-14359 high 8.0 4y ago Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers archgolang
CVE-2020-13935 high 8.0 4y ago The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could t… archsusedebianjava
CVE-2020-13934 high 8.0 4y ago Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat archsusedebianjava
CVE-2020-8927 high 8.0 5y ago Important: .NET 5.0 security and bugfix update debianarchsuserockylinux+4
CVE-2020-25717 high 8.0 5y ago Important: samba security update archsuserockylinuxdebian
CVE-2020-36385 high 8.0 5y ago An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_… suserockylinuxdebian
CVE-2020-14765 high 8.0 5y ago Important: mariadb:10.3 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-13675 high 8.0 5y ago Unrestricted Upload of File with Dangerous Type in Drupal core archphp
CVE-2020-13673 high 8.0 5y ago The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… archphp
CVE-2020-13677 high 8.0 5y ago Drupal core access bypass vulnerability archphp
CVE-2020-13676 high 8.0 5y ago Incorrect Authorization in Drupal core archphp
CVE-2020-13674 high 8.0 5y ago Cross-Site Request Forgery in Drupal core archphp