CVEs from 2020

3,801 normalized CVEs published or assigned in this year.

Total

3,801

critical

critical 206

high

high 563

medium

medium 744

low

low 59

% Critical

5.4%

% with KEV

3.8%

% with exploit

5.4%

Top vendors

Top products

retail_xstore_point_of_service 33
banking_digital_experience 30
primavera_unifier 29
retail_service_backbone 15
financial_services_institutional_performance_analytics 13
insurance_policy_administration_j2ee 11
communications_network_charging_and_control 10
enterprise_manager_base_platform 10

Top packages

PyPI/tensorflow-cpu 146
PyPI/tensorflow-gpu 146
PyPI/tensorflow 146
Packagist/drupal/core 67
PyPI/salt 64
PyPI/ansible 61
Packagist/magento/community-edition 61
Maven/com.fasterxml.jackson.core:jackson-databind 55

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2020-5222	unknown	—	—				6y ago	Hard-Coded Key Used For Remember-me Token in Opencast
CVE-2020-5231	unknown	—	—				6y ago	Users with ROLE_COURSE_ADMIN can create new users in Opencast
CVE-2020-5206	unknown	—	—				6y ago	Authentication Bypass For Endpoints With Anonymous Access in Opencast
CVE-2020-5207	unknown	—	—				6y ago	Request smuggling is possible when both chunked TE and content length specified
CVE-2020-5397	unknown	—	—				7y ago	CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
CVE-2020-5398	unknown	—	—				7y ago	RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application