VIR Vulnerability Intelligence Relay

CVEs from 2020

4,781 normalized CVEs published or assigned in this year.

Total
4,781
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.0%
% with KEV
3.1%
% with exploit
3.1%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-7247 critical 10.0 4y ago smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. archdebian
CVE-2020-6820 critical 10.0 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unsp… archsusedebian
CVE-2020-6819 critical 10.0 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, caus… archsusedebian
CVE-2020-16009 critical 10.0 6y ago multiple issues in chromium archdebiannuget
CVE-2020-37239 critical 9.8 9.8 12d ago libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_…
CVE-2020-37228 critical 9.8 9.8 12d ago iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retr…
CVE-2020-37168 critical 9.8 9.8 15d ago Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. A…
CVE-2020-37002 critical 9.8 9.8 4mo ago Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/t…
CVE-2020-28271 critical 9.8 9.8 6y ago Prototype Pollution in deephas npm
CVE-2020-9546 critical 9.8 9.8 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinuxjava
CVE-2020-26952 critical 9.5 Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affect… archdebian
CVE-2020-6513 critical 9.5 Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. archdebian
CVE-2020-15681 critical 9.5 When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potential… archdebian
CVE-2020-15680 critical 9.5 If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed a… archdebian
CVE-2020-15971 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26963 critical 9.5 Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox … archsusedebian
CVE-2020-26962 critical 9.5 Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across … archsusedebian
CVE-2020-6382 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6390 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6800 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archsusedebian
CVE-2020-6525 critical 9.5 Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-26967 critical 9.5 When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This w… archsusedebian
CVE-2020-6530 critical 9.5 Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption … archdebian
CVE-2020-8955 critical 9.5 irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified othe… archdebian
CVE-2020-15972 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6511 critical 9.5 Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2020-6792 critical 9.5 When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. archdebian
CVE-2020-6400 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15987 critical 9.5 multiple issues in chromium archdebian
CVE-2020-12387 critical 9.5 A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Fire… archsusedebian
CVE-2020-6533 critical 9.5 Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6520 critical 9.5 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6457 critical 9.5 arbitrary code execution in chromium archdebian
CVE-2020-15990 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6521 critical 9.5 Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2020-28036 critical 9.5 wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. archdebian
CVE-2020-28033 critical 9.5 WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. archdebian
CVE-2020-15982 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6405 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6073 critical 9.5 An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple… archdebian
CVE-2020-6536 critical 9.5 Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted… archdebian
CVE-2020-15992 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6534 critical 9.5 Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-9760 critical 9.5 An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a… archdebian
CVE-2020-15975 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16005 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6518 critical 9.5 Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a craft… archdebian
CVE-2020-6808 critical 9.5 When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by… archsusedebian
CVE-2020-8794 critical 9.5 OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTP… archdebian
CVE-2020-15986 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15979 critical 9.5 multiple issues in chromium archdebian
CVE-2020-11523 critical 9.5 libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. archdebian
CVE-2020-15983 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15988 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6821 critical 9.5 When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memor… archsusedebian
CVE-2020-15977 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6413 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15981 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16004 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6415 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6385 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6409 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15980 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6412 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6519 critical 9.5 Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. archdebian
CVE-2020-6406 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15984 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6410 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6072 critical 9.5 An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return … archdebian
CVE-2020-16008 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15985 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6408 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6071 critical 9.5 An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression poi… archdebian
CVE-2020-6403 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15973 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6404 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6077 critical 9.5 An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track … archdebian
CVE-2020-6397 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15970 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6401 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6516 critical 9.5 Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2020-6399 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15969 critical 9.5 multiple issues in chromium archdebiansuse
CVE-2020-6396 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6528 critical 9.5 Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2020-6398 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15968 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6395 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6394 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15967 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15991 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6393 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6823 critical 9.5 A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the us… archsusedebian
CVE-2020-6392 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6402 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6391 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6794 critical 9.5 If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was no… archdebian
CVE-2020-6389 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6414 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6388 critical 9.5 multiple issues in chromium archdebian