VIR Vulnerability Intelligence Relay

CVEs from 2020

4,811 normalized CVEs published or assigned in this year.

Total
4,811
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.0%
% with KEV
3.0%
% with exploit
3.1%

Top vendors

Top products

  • banking_digital_experience 30
  • retail_xstore_point_of_service 28
  • primavera_unifier 27
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 10
  • communications_network_charging_and_control 10
  • communications_contacts_server 9
  • agile_plm 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-35730 high 9.5 3y ago An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference el… archdebian
CVE-2020-6418 high 9.5 5y ago Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web… archdebian
CVE-2020-16017 high 9.5 6y ago Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. archdebiannuget
CVE-2020-16013 high 9.5 6y ago Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could… archdebiannuget
CVE-2020-15999 high 9.5 6y ago Important: freetype security update archsusedebianrockylinux+1
CVE-2020-1472 medium 7.0 5y ago Moderate: samba security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2020-36193 medium 7.0 5y ago Moderate: php:7.4 security update archsuserockylinuxdebian+1
CVE-2020-28949 medium 7.0 6y ago Moderate: php:7.4 security update rockylinuxdebianphp
CVE-2020-1938 medium 7.0 6y ago Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploit… suserockylinuxdebianjava
CVE-2020-11023 medium 7.0 6y ago Moderate: doxygen security update redhatrockylinuxsusedebian+5