VIR Vulnerability Intelligence Relay

CVEs from 2020

4,781 normalized CVEs published or assigned in this year.

Total
4,781
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.0%
% with KEV
3.1%
% with exploit
3.1%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-16016 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6831 high 8.0 arbitrary code execution in chromium archdebiansuse
CVE-2020-6579 high 8.0 multiple issues in chromium arch
CVE-2020-6454 high 8.0 multiple issues in chromium archdebian
CVE-2020-6505 high 8.0 Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2020-6461 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-12662 high 8.0 Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. archsusedebian
CVE-2020-28014 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. archdebian
CVE-2020-6460 high 8.0 multiple issues in chromium archdebian
CVE-2020-24489 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-6437 high 8.0 multiple issues in chromium archdebian
CVE-2020-15678 high 8.0 When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClipped… archsusedebian
CVE-2020-8616 high 8.0 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause … debianarchsuse
CVE-2020-6507 high 8.0 Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6423 high 8.0 multiple issues in chromium archdebian
CVE-2020-28017 high 8.0 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… archdebian
CVE-2020-24513 high 8.0 Important: microcode_ctl security, bug fix and enhancement update archsusedebianrockylinux
CVE-2020-28025 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might le… archdebian
CVE-2020-3123 high 8.0 A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … archdebian
CVE-2020-6487 high 8.0 multiple issues in chromium archdebian
CVE-2020-16119 high 8.0 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ub… archsusedebian
CVE-2020-28008 high 8.0 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… archdebian
CVE-2020-15677 high 8.0 By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open red… archsusedebian
CVE-2020-26972 high 8.0 The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check w… archdebian
CVE-2020-6465 high 8.0 multiple issues in chromium archdebian
CVE-2020-6445 high 8.0 multiple issues in chromium archdebian
CVE-2020-6478 high 8.0 multiple issues in chromium archdebian
CVE-2020-6469 high 8.0 multiple issues in chromium archdebian
CVE-2020-6486 high 8.0 multiple issues in chromium archdebian
CVE-2020-15659 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archsusedebian
CVE-2020-14387 high 8.0 A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing… archdebian
CVE-2020-6491 high 8.0 multiple issues in chromium archdebian
CVE-2020-6509 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-8696 high 8.0 Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. archsusedebianrockylinux
CVE-2020-6481 high 8.0 multiple issues in chromium archdebian
CVE-2020-6490 high 8.0 multiple issues in chromium archdebian
CVE-2020-6468 high 8.0 multiple issues in chromium archdebian
CVE-2020-25682 high 8.0 A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the n… archsusedebian
CVE-2020-6464 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6485 high 8.0 multiple issues in chromium archdebian
CVE-2020-6471 high 8.0 multiple issues in chromium archdebian
CVE-2020-6462 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-6470 high 8.0 multiple issues in chromium archdebian
CVE-2020-6448 high 8.0 multiple issues in chromium archdebian
CVE-2020-6447 high 8.0 multiple issues in chromium archdebian
CVE-2020-15964 high 8.0 multiple issues in chromium archdebian
CVE-2020-6574 high 8.0 multiple issues in chromium archdebian
CVE-2020-6489 high 8.0 multiple issues in chromium archdebian
CVE-2020-6459 high 8.0 multiple issues in chromium archdebian
CVE-2020-16150 high 8.0 A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … archdebian
CVE-2020-28023 high 8.0 Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. archdebian
CVE-2020-28026 high 8.0 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline … archdebian
CVE-2020-36329 high 8.0 A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and inte… suserockylinuxdebian
CVE-2020-6440 high 8.0 multiple issues in chromium archdebian
CVE-2020-6451 high 8.0 arbitrary code execution in chromium archdebian
CVE-2020-26978 high 8.0 Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerabi… archsusedebian
CVE-2020-26974 high 8.0 When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a poten… archsusedebian
CVE-2020-16020 high 8.0 multiple issues in chromium archdebian
CVE-2020-15676 high 8.0 Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… archdebian
CVE-2020-16021 high 8.0 multiple issues in chromium archdebian
CVE-2020-15889 high 8.0 Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. archdebian
CVE-2020-6446 high 8.0 multiple issues in chromium archdebian
CVE-2020-14386 high 8.0 A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data conf… archsusedebian
CVE-2020-6463 high 8.0 Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebiansuse
CVE-2020-1971 high 8.0 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares d… archsusedebian
CVE-2020-23171 high 8.0 multiple issues in nim arch
CVE-2020-10745 high 8.0 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server… archsusedebian
CVE-2020-5260 high 8.0 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store … archsusedebian
CVE-2020-35176 high 8.0 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf fo… debianarch
CVE-2020-28022 high 8.0 Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. archdebian
CVE-2020-15811 high 8.0 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… suserockylinuxdebian
CVE-2020-6466 high 8.0 multiple issues in chromium archdebian
CVE-2020-26555 high 8.0 2y ago Important: kernel security, bug fix, and enhancement update archredhatrockylinuxsuse
CVE-2020-22219 high 8.0 3y ago Important: flac security update redhatsusedebian
CVE-2020-28367 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. archsusedebiangolang
CVE-2020-28366 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. archsusedebiangolang
CVE-2020-28915 high 8.0 4y ago Important: kernel-rt security and bug fix update suserockylinuxdebian
CVE-2020-27838 high 8.0 4y ago Keycloak discloses information without authentication archjava
CVE-2020-7613 high 8.0 4y ago Clamscan vulnerable to command injection archnpm
CVE-2020-4788 high 8.0 4y ago Important: kernel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-0404 high 8.0 4y ago Important: kernel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-27820 high 8.0 4y ago Important: kernel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-13974 high 8.0 4y ago Important: kernel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-10734 high 8.0 4y ago OIDC Logout redirect in keycloak archjava
CVE-2020-13692 high 8.0 4y ago Important: postgresql-jdbc security update susedebianrockylinuxjava
CVE-2020-1717 high 8.0 4y ago Generation of Error Message Containing Sensitive Information in Keycloak archjava
CVE-2020-1725 high 8.0 4y ago Incorrect Authorization in keycloak archjava
CVE-2020-1714 high 8.0 4y ago Improper Input Validation in Keycloak archjava
CVE-2020-14359 high 8.0 4y ago Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers archgolang
CVE-2020-13935 high 8.0 4y ago The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could t… archsusedebianjava
CVE-2020-13934 high 8.0 4y ago Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat archsusedebianjava
CVE-2020-8927 high 8.0 5y ago Important: .NET 5.0 security and bugfix update debianarchsuserockylinux+4
CVE-2020-25717 high 8.0 5y ago Important: samba security update archsuserockylinuxdebian
CVE-2020-36385 high 8.0 5y ago Important: kernel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-14765 high 8.0 5y ago Important: mariadb:10.3 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-13675 high 8.0 5y ago Unrestricted Upload of File with Dangerous Type in Drupal core archphp
CVE-2020-13673 high 8.0 5y ago The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… archphp
CVE-2020-13677 high 8.0 5y ago Drupal core access bypass vulnerability archphp
CVE-2020-13676 high 8.0 5y ago Incorrect Authorization in Drupal core archphp
CVE-2020-13674 high 8.0 5y ago Cross-Site Request Forgery in Drupal core archphp