CVEs from 2020

4,354 normalized CVEs published or assigned in this year.

  • Total 4,354
  • Critical 193
  • High 470
  • Medium 675
  • Low 56
  • % Critical 4.4%
  • % with KEV 3.4%
  • % with exploit 3.4%

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8
CVE Severity CVSS Risk Published Description Impact
CVE-2020-26265 high 8.0 5y ago Consensus flaw in github.com/ethereum/go-ethereum archgolang
CVE-2020-26541 high 8.0 5y ago The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. archsuserockylinuxdebian
CVE-2020-15257 high 8.0 5y ago containerd-shim API Exposed to Host Network Containers in github.com/containerd/containerd archdebiansusegolang
CVE-2020-10696 high 8.0 5y ago Important: container-tools:2.0 security update susedebianrockylinuxgolang
CVE-2020-25097 high 8.0 5y ago Important: squid:4 security update suserockylinuxdebian
CVE-2020-27835 high 8.0 5y ago A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash… archsusedebianalmalinux
CVE-2020-12464 high 8.0 5y ago usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. susedebian
CVE-2020-12364 high 8.0 5y ago Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a den… susedebianrockylinux
CVE-2020-28974 high 8.0 5y ago A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs … archsusedebianalmalinux
CVE-2020-35508 high 8.0 5y ago A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local… susedebianalmalinux
CVE-2020-36322 high 8.0 5y ago An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a … susedebianalmalinux
CVE-2020-0431 high 8.0 5y ago In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U… susedebian
CVE-2020-24394 high 8.0 5y ago In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs be… susedebian
CVE-2020-25285 high 8.0 5y ago A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly hav… susedebian
CVE-2020-25212 high 8.0 5y ago A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf… susedebian
CVE-2020-15437 high 8.0 5y ago The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service… susedebian
CVE-2020-14356 high 8.0 5y ago A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or e… susedebian
CVE-2020-25284 high 8.0 5y ago The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map … susedebian
CVE-2020-14314 high 8.0 5y ago A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to… susedebian
CVE-2020-25643 high 8.0 5y ago A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function wh… susedebian
CVE-2020-25704 high 8.0 5y ago A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denia… archsusedebianalmalinux
CVE-2020-27786 high 8.0 5y ago A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.… susedebianalmalinux
CVE-2020-12363 high 8.0 5y ago Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial o… susedebianrockylinux
CVE-2020-12114 high 8.0 5y ago A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to … susedebian
CVE-2020-12362 high 8.0 5y ago Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a… susedebianrockylinux
CVE-2020-11608 high 8.0 5y ago An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin… susedebian
CVE-2020-28052 high 8.0 5y ago Logic error in Legion of the Bouncy Castle BC Java archdebianjava
CVE-2020-28468 high 8.0 5y ago This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code ex… archpython
CVE-2020-28362 high 8.0 5y ago Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. archsusedebiangolang
CVE-2020-27152 high 8.0 5y ago An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge trigg… susedebian
CVE-2020-28374 high 8.0 5y ago In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via direct… archsusedebian
CVE-2020-0466 high 8.0 5y ago In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privilege… susedebian
CVE-2020-35517 high 8.0 5y ago Important: virt:rhel and virt-devel:rhel security update rockylinuxdebian
CVE-2020-25705 high 8.0 5y ago A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Soft… susedebian
CVE-2020-14351 high 8.0 5y ago A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly esca… susedebian
CVE-2020-29661 high 8.0 5y ago A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. archsusedebian
CVE-2020-17525 high 8.0 5y ago Important: subversion:1.10 security update archsuserockylinuxdebian
CVE-2020-1720 high 8.0 6y ago Important: postgresql:12 security update suserockylinux
CVE-2020-14350 high 8.0 6y ago Important: postgresql:12 security update suserockylinux
CVE-2020-25696 high 8.0 6y ago Important: postgresql:12 security update archsuserockylinuxdebian
CVE-2020-25694 high 8.0 6y ago Important: postgresql:12 security update archsuserockylinuxdebian
CVE-2020-25695 high 8.0 6y ago Important: postgresql:12 security update archsuserockylinuxdebian
CVE-2020-14349 high 8.0 6y ago Important: postgresql:12 security update suserockylinux
CVE-2020-13249 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update suserockylinux
CVE-2020-15180 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2020-0452 high 8.0 6y ago Important: libexif security update archsusedebianrockylinux
CVE-2020-17521 high 8.0 6y ago Information Disclosure in Apache Groovy archsusedebianjava
CVE-2020-26890 high 8.0 6y ago Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service atta… archdebianpython
CVE-2020-26891 high 8.0 6y ago AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Syn… archdebianpython
CVE-2020-6506 high 8.0 6y ago Android WebView Universal Cross-site Scripting archdebiannpm
CVE-2020-36327 high 8.0 6y ago Important: ruby:2.5 security update archsuserockylinuxdebian+1
CVE-2020-14364 high 8.0 6y ago Important: virt:rhel security update suserockylinuxdebian
CVE-2020-2762 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2774 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2893 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14643 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14586 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14697 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14575 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2686 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14576 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14633 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14799 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxdebianalmalinux
CVE-2020-14725 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14702 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2573 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2901 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14678 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2804 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14651 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2761 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14632 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14631 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14656 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14634 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14620 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2759 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2812 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update rockylinuxalmalinux
CVE-2020-2579 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2765 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2584 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2895 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14614 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14624 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14654 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14641 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14663 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-14680 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2570 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2580 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2660 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2896 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2903 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2930 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2926 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2898 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2752 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update rockylinuxalmalinux
CVE-2020-2574 high 8.0 6y ago Important: mariadb:10.3 security, bug fix, and enhancement update suserockylinuxalmalinux
CVE-2020-2904 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2020-2763 high 8.0 6y ago Important: mysql:8.0 security update rockylinuxalmalinux