VIR Vulnerability Intelligence Relay

CVEs from 2020

4,781 normalized CVEs published or assigned in this year.

Total
4,781
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.0%
% with KEV
3.1%
% with exploit
3.1%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-7247 critical 10.0 4y ago smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. archdebian
CVE-2020-6819 critical 10.0 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, caus… archsusedebian
CVE-2020-6820 critical 10.0 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unsp… archsusedebian
CVE-2020-16009 critical 10.0 6y ago multiple issues in chromium archdebiannuget
CVE-2020-37239 critical 9.8 9.8 12d ago libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_…
CVE-2020-37228 critical 9.8 9.8 12d ago iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retr…
CVE-2020-37168 critical 9.8 9.8 15d ago Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. A…
CVE-2020-37002 critical 9.8 9.8 4mo ago Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/t…
CVE-2020-28271 critical 9.8 9.8 6y ago Prototype Pollution in deephas npm
CVE-2020-9546 critical 9.8 9.8 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinuxjava
CVE-2020-6521 critical 9.5 Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2020-6413 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15991 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26963 critical 9.5 Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox … archsusedebian
CVE-2020-6385 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6520 critical 9.5 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6457 critical 9.5 arbitrary code execution in chromium archdebian
CVE-2020-6519 critical 9.5 Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. archdebian
CVE-2020-15989 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6378 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6516 critical 9.5 Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2020-12395 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archdebian
CVE-2020-6397 critical 9.5 multiple issues in chromium archdebian
CVE-2020-11986 critical 9.5 To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project.… archdebian
CVE-2020-6557 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26962 critical 9.5 Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across … archsusedebian
CVE-2020-6079 critical 9.5 An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is … archdebian
CVE-2020-6821 critical 9.5 When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memor… archsusedebian
CVE-2020-12392 critical 9.5 The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and past… archdebian
CVE-2020-28032 critical 9.5 WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. archdebian
CVE-2020-6390 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6513 critical 9.5 Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. archdebian
CVE-2020-6414 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16007 critical 9.5 multiple issues in chromium archdebian
CVE-2020-12397 critical 9.5 By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. archdebian
CVE-2020-12396 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archdebian
CVE-2020-6391 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6402 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26953 critical 9.5 It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerabilit… archsusedebian
CVE-2020-6406 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6798 critical 9.5 If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly… archsusedebian
CVE-2020-6408 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6404 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6403 critical 9.5 multiple issues in chromium archdebian
CVE-2020-28034 critical 9.5 WordPress before 5.5.2 allows XSS associated with global variables. archdebian
CVE-2020-6399 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6530 critical 9.5 Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption … archdebian
CVE-2020-6387 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26967 critical 9.5 When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This w… archsusedebian
CVE-2020-15968 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6078 critical 9.5 An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_h… archdebian
CVE-2020-6398 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6415 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6534 critical 9.5 Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6381 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6389 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15986 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6416 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6380 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15977 critical 9.5 multiple issues in chromium archdebian
CVE-2020-28039 critical 9.5 is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. archdebian
CVE-2020-15982 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16008 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16006 critical 9.5 multiple issues in chromium archdebian
CVE-2020-28040 critical 9.5 WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. archdebian
CVE-2020-6523 critical 9.5 Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-28033 critical 9.5 WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. archdebian
CVE-2020-12390 critical 9.5 Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. archdebian
CVE-2020-6808 critical 9.5 When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by… archsusedebian
CVE-2020-6826 critical 9.5 Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with eno… archsusedebian
CVE-2020-6388 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15984 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16005 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6410 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6412 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6409 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26950 critical 9.5 In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox … archsusedebian
CVE-2020-6824 critical 9.5 Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Priv… archsusedebian
CVE-2020-6405 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15973 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15990 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15988 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15992 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26969 critical 9.5 Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2020-6392 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6815 critical 9.5 Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with eno… archsusedebian
CVE-2020-15969 critical 9.5 multiple issues in chromium archdebiansuse
CVE-2020-16004 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15967 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15970 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6401 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6411 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6805 critical 9.5 When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbi… archsusedebian
CVE-2020-6812 critical 9.5 The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate de… archsusedebian
CVE-2020-15980 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6810 critical 9.5 After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the brow… archsusedebian
CVE-2020-6395 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6393 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26951 critical 9.5 A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privilege… archsusedebian
CVE-2020-6396 critical 9.5 multiple issues in chromium archdebian