CVEs from 2020

4,811 normalized CVEs published or assigned in this year.

Total

4,811

critical

critical 193

high

high 470

medium

medium 675

low

low 56

% Critical

4.0%

% with KEV

3.0%

% with exploit

3.1%

Top vendors

Top products

banking_digital_experience 30
retail_xstore_point_of_service 28
primavera_unifier 27
retail_service_backbone 15
financial_services_institutional_performance_analytics 10
communications_network_charging_and_control 10
communications_contacts_server 9
agile_plm 8

Top packages

PyPI/tensorflow-cpu 146
PyPI/tensorflow-gpu 146
PyPI/tensorflow 146
Packagist/drupal/core 67
PyPI/salt 64
PyPI/ansible 61
Packagist/magento/community-edition 61
Maven/com.fasterxml.jackson.core:jackson-databind 55

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2020-7247	critical	—	10.0	4y ago	smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
CVE-2020-6819	critical	—	10.0	5y ago	Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, caus…
CVE-2020-6820	critical	—	10.0	5y ago	Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unsp…
CVE-2020-16009	critical	—	10.0	6y ago	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl…