CVEs from 2020
Total
3,799
critical
critical 206
high
high 563
medium
medium 745
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14396 | unknown | — | — | — | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | |||
| CVE-2020-12389 | unknown | — | — | — | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerab… | |||
| CVE-2020-15663 | unknown | — | — | — | If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Serv… | |||
| CVE-2020-6797 | unknown | — | — | — | By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download … | |||
| CVE-2020-13659 | unknown | — | — | — | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | |||
| CVE-2020-14415 | unknown | — | — | — | oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. | |||
| CVE-2020-10704 | unknown | — | — | — | A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user ca… | |||
| CVE-2020-6545 | unknown | — | — | — | Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-35502 | unknown | — | — | — | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash. | |||
| CVE-2020-10030 | unknown | — | — | — | An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memor… | |||
| CVE-2020-15694 | unknown | — | — | — | In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a n… | |||
| CVE-2020-13977 | unknown | — | — | — | Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of t… | |||
| CVE-2020-15996 | unknown | — | — | — | Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2020-16001 | unknown | — | — | — | Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-6386 | unknown | — | — | — | Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2020-12413 | unknown | — | — | — | The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. | |||
| CVE-2020-36843 | unknown | — | — | 1y ago | Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check | |||
| CVE-2020-27534 | unknown | — | — | 2y ago | util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.T… | |||
| CVE-2020-15136 | unknown | — | — | 2y ago | In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on e… | |||
| CVE-2020-15114 | unknown | — | — | 2y ago | In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoin… | |||
| CVE-2020-15113 | unknown | — | — | 2y ago | In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS con… | |||
| CVE-2020-24922 | unknown | — | — | 3y ago | xuxueli xxl-job Cross-Site Request Forgery Vulnerability | |||
| CVE-2020-21485 | unknown | — | — | 3y ago | Alluxio Cross Site Scripting vulnerability | |||
| CVE-2020-22755 | unknown | — | — | 3y ago | MCMS vulnerable to arbitrary code execution via crafted thumbnail | |||
| CVE-2020-20913 | unknown | — | — | 3y ago | Ming-Soft MCMS vulnerable to SQL injection | |||
| CVE-2020-36640 | unknown | — | — | 4y ago | bonita-connector-webservice XML External Entity vulnerability | |||
| CVE-2020-36641 | unknown | — | — | 4y ago | aXMLRPC XML External Entity vulnerability | |||
| CVE-2020-15115 | unknown | — | — | 4y ago | etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess … | |||
| CVE-2020-15112 | unknown | — | — | 4y ago | In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are b… | |||
| CVE-2020-15106 | unknown | — | — | 4y ago | In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on … | |||
| CVE-2020-23622 | unknown | — | — | 4y ago | 4thline cling uPnP protocol issue can lead to denial of service | |||
| CVE-2020-7677 | unknown | — | — | 4y ago | thenify before 3.3.1 made use of unsafe calls to `eval`. | |||
| CVE-2020-28191 | unknown | — | — | 4y ago | Togglz console missing cross-site request forgery (CSRF) protection | |||
| CVE-2020-10650 | unknown | — | — | 4y ago | jackson-databind vulnerable to unsafe deserialization | |||
| CVE-2020-28865 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in PowerJob | |||
| CVE-2020-28088 | unknown | — | — | 4y ago | Jeecg-Boot CMS arbitrary file upload vulnerability | |||
| CVE-2020-7021 | unknown | — | — | 4y ago | Insertion of Sensitive Information into Log File in Elasticsearch | |||
| CVE-2020-29582 | unknown | — | — | 4y ago | Incorrect Default Permissions in JetBrains Kotlin | |||
| CVE-2020-25476 | unknown | — | — | 4y ago | Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter | |||
| CVE-2020-8920 | unknown | — | — | 4y ago | Information leak in Gerrit | |||
| CVE-2020-16971 | unknown | — | — | 4y ago | Azure SDK for Java Security Feature Bypass Vulnerability | |||
| CVE-2020-27822 | unknown | — | — | 4y ago | Wildfly has a memory leak vulnerability | |||
| CVE-2020-2320 | unknown | — | — | 4y ago | Jenkins Plugin Installation Manager Tool did not verify plugin downloads | |||
| CVE-2020-2324 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins CVS Plugin | |||
| CVE-2020-2323 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Chaos Monkey Plugin | |||
| CVE-2020-2322 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Chaos Monkey Plugin | |||
| CVE-2020-2321 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Shelve Project Plugin | |||
| CVE-2020-2318 | unknown | — | — | 4y ago | Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin | |||
| CVE-2020-2319 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin | |||
| CVE-2020-2309 | unknown | — | — | 4y ago | Missing authorization in Jenkins Kubernetes Plugin | |||
| CVE-2020-2310 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs | |||
| CVE-2020-2313 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs | |||
| CVE-2020-2314 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins AppSpider Plugin | |||
| CVE-2020-2316 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Static Analysis Utilities Plugin | |||
| CVE-2020-2315 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Visualworks Store Plugin | |||
| CVE-2020-2308 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Kubernetes Plugin | |||
| CVE-2020-2312 | unknown | — | — | 4y ago | Password written to the build log by Jenkins SQLPlus Script Runner Plugin | |||
| CVE-2020-2311 | unknown | — | — | 4y ago | Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration | |||
| CVE-2020-2303 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Active Directory Plugin | |||
| CVE-2020-2301 | unknown | — | — | 4y ago | Authentication cache in Active Directory Jenkins Plugin allows logging in with any password | |||
| CVE-2020-2307 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin | |||
| CVE-2020-2299 | unknown | — | — | 4y ago | Improper Authentication in Jenkins Active Directory Plugin | |||
| CVE-2020-2306 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Mercurial Plugin | |||
| CVE-2020-2305 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Mercurial Plugin | |||
| CVE-2020-2300 | unknown | — | — | 4y ago | Improper Authentication (empty password) in Jenkins Active Directory Plugin | |||
| CVE-2020-2302 | unknown | — | — | 4y ago | Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page | |||
| CVE-2020-2304 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Subversion Plugin | |||
| CVE-2020-25689 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in WildFly | |||
| CVE-2020-10721 | unknown | — | — | 4y ago | fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution | |||
| CVE-2020-2297 | unknown | — | — | 4y ago | Access token stored in plain text by Jenkins SMS Notification Plugin | |||
| CVE-2020-2294 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Maven Cascade Release Plugin | |||
| CVE-2020-2298 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Nerrvana Plugin | |||
| CVE-2020-2295 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Maven Cascade Release Plugin | |||
| CVE-2020-2293 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins Persona Plugin | |||
| CVE-2020-2296 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Shared Objects Plugin | |||
| CVE-2020-2290 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Active Choices Plugin | |||
| CVE-2020-2292 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Release Plugin | |||
| CVE-2020-2288 | unknown | — | — | 4y ago | Incorrect default pattern in Jenkins Audit Trail Plugin | |||
| CVE-2020-2289 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Active Choices Plugin | |||
| CVE-2020-2291 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins couchdb-statistics Plugin | |||
| CVE-2020-25644 | unknown | — | — | 4y ago | Wildfly-OpenSSL memory leak flaw | |||
| CVE-2020-15840 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Bypass via Double Encoded URL | |||
| CVE-2020-2284 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Liquibase Runner Plugin | |||
| CVE-2020-2279 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2020-2283 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Liquibase Runner Plugin | |||
| CVE-2020-2281 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Lockable Resources Plugin | |||
| CVE-2020-2280 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins warnings Plugin allows remote code execution | |||
| CVE-2020-2285 | unknown | — | — | 4y ago | Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs | |||
| CVE-2020-2282 | unknown | — | — | 4y ago | Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin | |||
| CVE-2020-2274 | unknown | — | — | 4y ago | Passwords stored in plain text by ElasTest Plugin | |||
| CVE-2020-2275 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin | |||
| CVE-2020-2272 | unknown | — | — | 4y ago | Missing permission checks in Jenkins ElasTest Plugin | |||
| CVE-2020-2278 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Storable Configs Plugin | |||
| CVE-2020-2273 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins ElasTest Plugin | |||
| CVE-2020-2276 | unknown | — | — | 4y ago | System command execution vulnerability in Selection tasks Jenkins Plugin | |||
| CVE-2020-2277 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins Storable Configs Plugin | |||
| CVE-2020-2260 | unknown | — | — | 4y ago | Missing permission check in Perfecto Plugin | |||
| CVE-2020-2266 | unknown | — | — | 4y ago | Stored XSS vulnerability in Description Column Plugin | |||
| CVE-2020-2271 | unknown | — | — | 4y ago | Stored XSS vulnerability in Locked Files Report Plugin | |||
| CVE-2020-2261 | unknown | — | — | 4y ago | OS command execution vulnerability in Perfecto Plugin |