VIR Vulnerability Intelligence Relay

CVEs from 2020

4,634 normalized CVEs published or assigned in this year.

Total
4,634
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.2%
% with KEV
3.2%
% with exploit
3.2%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-7247 critical 10.0 4y ago smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. archdebian
CVE-2020-6819 critical 10.0 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, caus… archsusedebian
CVE-2020-6820 critical 10.0 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unsp… archsusedebian
CVE-2020-16009 critical 10.0 6y ago multiple issues in chromium archdebiannuget
CVE-2020-37239 critical 9.8 9.8 12d ago libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_…
CVE-2020-37228 critical 9.8 9.8 12d ago iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retr…
CVE-2020-37168 critical 9.8 9.8 15d ago Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. A…
CVE-2020-37002 critical 9.8 9.8 4mo ago Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/t…
CVE-2020-28271 critical 9.8 9.8 6y ago Prototype Pollution in deephas npm
CVE-2020-9546 critical 9.8 9.8 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing debianrockylinuxjavaoracle
CVE-2020-28040 critical 9.5 WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. archdebian
CVE-2020-6404 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6408 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6813 critical 9.5 When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Co… archsusedebian
CVE-2020-6405 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15984 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6814 critical 9.5 Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co… archsusedebian
CVE-2020-15980 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15967 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6410 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6524 critical 9.5 Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-11524 critical 9.5 libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. archdebian
CVE-2020-16006 critical 9.5 multiple issues in chromium archdebian
CVE-2020-28033 critical 9.5 WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. archdebian
CVE-2020-26951 critical 9.5 A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privilege… archsusedebian
CVE-2020-6403 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15982 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6399 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16008 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15973 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16005 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16004 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15968 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6388 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15990 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15979 critical 9.5 multiple issues in chromium archdebian
CVE-2020-12395 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archdebian
CVE-2020-6557 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6073 critical 9.5 An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple… archdebian
CVE-2020-15988 critical 9.5 multiple issues in chromium archdebian
CVE-2020-11523 critical 9.5 libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. archdebian
CVE-2020-15976 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6533 critical 9.5 Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-6801 critical 9.5 Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2020-28036 critical 9.5 wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. archdebian
CVE-2020-15981 critical 9.5 multiple issues in chromium archdebian
CVE-2020-26950 critical 9.5 In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox … archsusedebian
CVE-2020-6414 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6809 critical 9.5 When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firef… archsusedebian
CVE-2020-6825 critical 9.5 Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corrupti… archsusedebian
CVE-2020-6397 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6411 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6401 critical 9.5 multiple issues in chromium archdebian
CVE-2020-16007 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6396 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6398 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6395 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15970 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6393 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6392 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15969 critical 9.5 multiple issues in chromium archdebiansuse
CVE-2020-6391 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6389 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15977 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6381 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6402 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6380 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6387 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6378 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6416 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6071 critical 9.5 An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression poi… archdebian
CVE-2020-6413 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6077 critical 9.5 An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track … archdebian
CVE-2020-15992 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6794 critical 9.5 If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was no… archdebian
CVE-2020-6415 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15991 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6409 critical 9.5 multiple issues in chromium archdebian
CVE-2020-25125 critical 9.5 GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD pre… archdebian
CVE-2020-6412 critical 9.5 multiple issues in chromium archdebian
CVE-2020-15986 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6406 critical 9.5 multiple issues in chromium archdebian
CVE-2020-12394 critical 9.5 A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulne… archdebian
CVE-2020-6078 critical 9.5 An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_h… archdebian
CVE-2020-15683 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archsusedebian
CVE-2020-26965 critical 9.5 Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remember… archsusedebian
CVE-2020-6520 critical 9.5 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2020-15978 critical 9.5 multiple issues in chromium archdebian
CVE-2020-6457 critical 9.5 arbitrary code execution in chromium archdebian
CVE-2020-26960 critical 9.5 If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerabili… archsusedebian
CVE-2020-6080 critical 9.5 An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is … archdebian
CVE-2020-6805 critical 9.5 When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbi… archsusedebian
CVE-2020-15681 critical 9.5 When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potential… archdebian
CVE-2020-16044 critical 9.5 Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. archsusedebian
CVE-2020-6529 critical 9.5 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. archdebian
CVE-2020-14355 critical 9.5 Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affe… archsusedebian
CVE-2020-26958 critical 9.5 Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerabili… archsusedebian
CVE-2020-6798 critical 9.5 If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly… archsusedebian
CVE-2020-11521 critical 9.5 libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. archdebian
CVE-2020-6521 critical 9.5 Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian