VIR Vulnerability Intelligence Relay

CVEs from 2020

4,781 normalized CVEs published or assigned in this year.

Total
4,781
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.0%
% with KEV
3.1%
% with exploit
3.1%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-7247 critical 10.0 4y ago smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. archdebian
CVE-2020-6819 critical 10.0 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, caus… archsusedebian
CVE-2020-6820 critical 10.0 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unsp… archsusedebian
CVE-2020-16009 critical 10.0 6y ago multiple issues in chromium archdebiannuget
CVE-2020-37239 critical 9.8 9.8 12d ago libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_…
CVE-2020-37228 critical 9.8 9.8 12d ago iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retr…
CVE-2020-37168 critical 9.8 9.8 15d ago Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. A…
CVE-2020-37002 critical 9.8 9.8 4mo ago Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/t…
CVE-2020-28271 critical 9.8 9.8 6y ago Prototype Pollution in deephas npm
CVE-2020-9546 critical 9.8 9.8 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinuxjava
CVE-2020-6519 critical 9.5 Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. archdebian
CVE-2020-12387 critical 9.5 A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Fire… archsusedebian
CVE-2020-6513 critical 9.5 Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. archdebian
CVE-2020-6390 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6457 critical 9.5 arbitrary code execution in chromium archdebian
CVE-2020-6385 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6529 critical 9.5 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. archdebian
CVE-2020-26967 critical 9.5 When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This w… archsusedebian
CVE-2020-6078 critical 9.5 An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_h… archdebian
CVE-2020-6521 critical 9.5 Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2020-12390 critical 9.5 Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. archdebian
CVE-2020-6400 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26962 critical 9.5 Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across … archsusedebian
CVE-2020-26963 critical 9.5 Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox … archsusedebian
CVE-2020-6534 critical 9.5 Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6080 critical 9.5 An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is … archdebian
CVE-2020-6533 critical 9.5 Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-15984 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6530 critical 9.5 Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption … archdebian
CVE-2020-6520 critical 9.5 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-15991 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15977 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6394 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6395 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15971 critical 9.5 multiple issues in chromium archdebian
CVE-2020-12392 critical 9.5 The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and past… archdebian
CVE-2020-15967 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15972 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6398 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6379 critical 9.5 multiple issues in chromium archdebian
CVE-2020-8794 critical 9.5 OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTP… archdebian
CVE-2020-6079 critical 9.5 An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is … archdebian
CVE-2020-6516 critical 9.5 Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2020-6378 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6387 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6380 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6405 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6404 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6399 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6389 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6409 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6416 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6415 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6388 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6528 critical 9.5 Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2020-15975 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15982 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6391 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15990 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6382 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15980 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15992 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26951 critical 9.5 A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privilege… archsusedebian
CVE-2020-15986 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6403 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6806 critical 9.5 By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a poten… archsusedebian
CVE-2020-6796 critical 9.5 A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially … archsusedebian
CVE-2020-26950 critical 9.5 In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox … archsusedebian
CVE-2020-6526 critical 9.5 Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2020-6402 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6393 critical 9.5 multiple issues in chromium archdebian
CVE-2020-12395 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archdebian
CVE-2020-6408 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6401 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6381 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15988 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6412 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16008 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6413 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6396 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15981 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6392 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6808 critical 9.5 When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by… archsusedebian
CVE-2020-26956 critical 9.5 In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbir… archsusedebian
CVE-2020-6397 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26960 critical 9.5 If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerabili… archsusedebian
CVE-2020-14355 critical 9.5 Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affe… archsusedebian
CVE-2020-6414 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15970 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15987 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16005 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15684 critical 9.5 Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2020-16004 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6406 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6410 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15968 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26952 critical 9.5 Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affect… archdebian
CVE-2020-6810 critical 9.5 After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the brow… archsusedebian
CVE-2020-6824 critical 9.5 Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Priv… archsusedebian
CVE-2020-15969 critical 9.5 multiple issues in chromium archdebiansuse