CVEs from 2020
- Total: 3,802
- Critical: 206
- High: 563
- Medium: 745
- Low: 59
- % Critical: 5.4%
- % with KEV: 3.8%
- % with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2225 | unknown | — | — | 4y ago | Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin | |||
| CVE-2020-2227 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Deployer Framework Plugin | |||
| CVE-2020-2226 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin | |||
| CVE-2020-2222 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins 'keep forever' badge icon | |||
| CVE-2020-2223 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins console links | |||
| CVE-2020-2221 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins upstream cause | |||
| CVE-2020-2224 | unknown | — | — | 4y ago | Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin | |||
| CVE-2020-2220 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins job build time trend | |||
| CVE-2020-2218 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins HP ALM Quality Center Plugin | |||
| CVE-2020-2214 | unknown | — | — | 4y ago | Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin | |||
| CVE-2020-2216 | unknown | — | — | 4y ago | Missing permission checks in Zephyr for JIRA Test Management Plugin | |||
| CVE-2020-2215 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin | |||
| CVE-2020-2217 | unknown | — | — | 4y ago | Reflected XSS in Jenkins Compatibility Action Storage Plugin | |||
| CVE-2020-2219 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Link Column Plugin | |||
| CVE-2020-2211 | unknown | — | — | 4y ago | RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin | |||
| CVE-2020-2207 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins VncViewer Plugin | |||
| CVE-2020-2209 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins TestComplete support Plugin | |||
| CVE-2020-2213 | unknown | — | — | 4y ago | Credentials stored in plain text by Jenkins White Source Plugin | |||
| CVE-2020-2212 | unknown | — | — | 4y ago | Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin | |||
| CVE-2020-2208 | unknown | — | — | 4y ago | Secret stored in plain text by Jenkins Slack Upload Plugin | |||
| CVE-2020-2204 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Fortify on Demand Plugin | |||
| CVE-2020-2206 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins VncRecorder Plugin | |||
| CVE-2020-2210 | unknown | — | — | 4y ago | Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin | |||
| CVE-2020-2201 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin | |||
| CVE-2020-2202 | unknown | — | — | 4y ago | Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin | |||
| CVE-2020-2205 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins VncRecorder Plugin | |||
| CVE-2020-2203 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Fortify on Demand Plugin | |||
| CVE-2020-10727 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in ActiveMQ Artemis | |||
| CVE-2020-10740 | unknown | — | — | 4y ago | Wildfly Unsafe Deserialization Vulnerability | |||
| CVE-2020-5411 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Spring Batch | |||
| CVE-2020-13445 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution | |||
| CVE-2020-13444 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Fails to Sanitize API Data | |||
| CVE-2020-2198 | unknown | — | — | 4y ago | Missing permission check in Jenkins Project Inheritance Plugin | |||
| CVE-2020-2200 | unknown | — | — | 4y ago | OS command injection vulnerability in Jenkins Play Framework Plugin | |||
| CVE-2020-2199 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin | |||
| CVE-2020-2197 | unknown | — | — | 4y ago | Missing permission check in Jenkins Project Inheritance Plugin | |||
| CVE-2020-2192 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Swarm Plugin | |||
| CVE-2020-2190 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin | |||
| CVE-2020-2194 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins ECharts API Plugin | |||
| CVE-2020-2196 | unknown | — | — | 4y ago | Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection | |||
| CVE-2020-2191 | unknown | — | — | 4y ago | Improper permission checks in Jenkins Swarm Plugin | |||
| CVE-2020-2193 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins ECharts API Plugin | |||
| CVE-2020-2195 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Compact Columns Plugin | |||
| CVE-2020-13226 | unknown | — | — | 4y ago | WSO2 API Manager vulnerable to SSRF | |||
| CVE-2020-1698 | unknown | — | — | 4y ago | Keycloak leaks sensitive information in logged exceptions | |||
| CVE-2020-1724 | unknown | — | — | 4y ago | Keycloak Insufficient Session Expiry | |||
| CVE-2020-12760 | unknown | — | — | 4y ago | OpenNMS Horizon RCE via Unsafe Deserialization | |||
| CVE-2020-12691 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then … | |||
| CVE-2020-12692 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then … | |||
| CVE-2020-12689 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escala… | |||
| CVE-2020-2187 | unknown | — | — | 4y ago | Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin | |||
| CVE-2020-2189 | unknown | — | — | 4y ago | RCE vulnerability in SCM Filter Jervis Plugin | |||
| CVE-2020-2185 | unknown | — | — | 4y ago | Missing SSH host key validation in Jenkins Amazon EC2 Plugin | |||
| CVE-2020-2183 | unknown | — | — | 4y ago | Improper permission checks in Jenkins Copy Artifact Plugin | |||
| CVE-2020-2188 | unknown | — | — | 4y ago | Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin | |||
| CVE-2020-2182 | unknown | — | — | 4y ago | Improper masking of some secrets in Jenkins Credentials Binding Plugin | |||
| CVE-2020-2184 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins CVS Plugin | |||
| CVE-2020-2181 | unknown | — | — | 4y ago | Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps | |||
| CVE-2020-2186 | unknown | — | — | 4y ago | CSRF vulnerability in Amazon EC2 Plugin | |||
| CVE-2020-10686 | unknown | — | — | 4y ago | Keycloak users may be able to remove MFA from other users' devices | |||
| CVE-2020-1745 | unknown | — | — | 4y ago | Improper Authorization in Undertow | |||
| CVE-2020-1757 | unknown | — | — | 4y ago | Improper Input Validation in Undertow | |||
| CVE-2020-2178 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Parasoft Findings Plugin | |||
| CVE-2020-2180 | unknown | — | — | 4y ago | RCE vulnerability in Jenkins AWS SAM Plugin | |||
| CVE-2020-2177 | unknown | — | — | 4y ago | Credentials stored in plain text by Jenkins Copr Plugin | |||
| CVE-2020-2179 | unknown | — | — | 4y ago | RCE vulnerability in Jenkins Yaml Axis Plugin | |||
| CVE-2020-2174 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin | |||
| CVE-2020-2176 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins useMango Runner Plugin | |||
| CVE-2020-2175 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins FitNesse Plugin | |||
| CVE-2020-2172 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Code Coverage API Plugin | |||
| CVE-2020-2173 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins Gatling Plugin | |||
| CVE-2020-7009 | unknown | — | — | 4y ago | Improper Privilege Management in Elasticsearch | |||
| CVE-2020-7599 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Gradle publish plugin | |||
| CVE-2020-2168 | unknown | — | — | 4y ago | RCE vulnerability in Jenkins Azure Container Service Plugin | |||
| CVE-2020-2169 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins Queue cleanup Plugin | |||
| CVE-2020-2171 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins RapidDeploy Plugin | |||
| CVE-2020-2161 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2020-2165 | unknown | — | — | 4y ago | Passwords transmitted in plain text by Jenkins Artifactory Plugin | |||
| CVE-2020-2160 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2020-2164 | unknown | — | — | 4y ago | Passwords stored in plain text by Jenkins Artifactory Plugin | |||
| CVE-2020-2170 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins RapidDeploy Plugin | |||
| CVE-2020-2162 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2020-2163 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2020-2166 | unknown | — | — | 4y ago | RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin | |||
| CVE-2020-2159 | unknown | — | — | 4y ago | OS command injection in CryptoMove Plugin | |||
| CVE-2020-2157 | unknown | — | — | 4y ago | Credentials transmitted in plain text by Skytap Cloud CI Plugin | |||
| CVE-2020-2158 | unknown | — | — | 4y ago | Remote Code Execution vulnerability in Jenkins Literate Plugin | |||
| CVE-2020-2146 | unknown | — | — | 4y ago | Missing SSH host key validation in Mac Plugin | |||
| CVE-2020-2153 | unknown | — | — | 4y ago | Credentials transmitted in plain text by Backlog Plugin | |||
| CVE-2020-2156 | unknown | — | — | 4y ago | Credentials transmitted in plain text by Jenkins DeployHub Plugin | |||
| CVE-2020-2152 | unknown | — | — | 4y ago | Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS) | |||
| CVE-2020-2155 | unknown | — | — | 4y ago | Credentials transmitted in plain text by OpenShift Deployer Plugin | |||
| CVE-2020-2154 | unknown | — | — | 4y ago | Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text | |||
| CVE-2020-2148 | unknown | — | — | 4y ago | Missing permission checks in Mac Plugin | |||
| CVE-2020-2142 | unknown | — | — | 4y ago | Missing permission checks in Jenkins P4 Plugin | |||
| CVE-2020-2149 | unknown | — | — | 4y ago | Credentials transmitted in plain text by Repository Connector Plugin | |||
| CVE-2020-2150 | unknown | — | — | 4y ago | Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration | |||
| CVE-2020-2144 | unknown | — | — | 4y ago | XXE vulnerability in Rundeck Plugin | |||
| CVE-2020-2143 | unknown | — | — | 4y ago | Credentials transmitted in plain text by Jenkins Logstash Plugin | |||
| CVE-2020-2141 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins P4 Plugin |