CVEs from 2020
Total: 3,798
- critical 206
- high 563
- medium 745
- low 59
% Critical: 5.4%
% with KEV: 3.8%
% with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-5274 | unknown | — | — | | | | 6y ago | In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even … |
| CVE-2020-5255 | unknown | — | — | | | | 6y ago | In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the r… |
| CVE-2020-5280 | unknown | — | — | | | | 6y ago | Local file inclusion vulnerability in http4s |
| CVE-2020-6858 | unknown | — | — | | | | 6y ago | HTTP Response Splitting in Styx |
| CVE-2020-5245 | unknown | — | — | | | | 6y ago | Remote Code Execution (RCE) vulnerability in dropwizard-validation |
| CVE-2020-7238 | unknown | — | — | | | | 6y ago | HTTP Request Smuggling in Netty |
| CVE-2020-1925 | unknown | — | — | | | | 6y ago | Server-Side Request Forgery (SSRF) in Apache Olingo |
| CVE-2020-5228 | unknown | — | — | | | | 6y ago | Unauthenticated Access Via OAI-PMH |
| CVE-2020-5229 | unknown | — | — | | | | 6y ago | Password Hashing: Do not use MD5 |
| CVE-2020-5230 | unknown | — | — | | | | 6y ago | Unsafe Identifiers in Opencast |
| CVE-2020-5222 | unknown | — | — | | | | 6y ago | Hard-Coded Key Used For Remember-me Token in Opencast |
| CVE-2020-5231 | unknown | — | — | | | | 6y ago | Users with ROLE_COURSE_ADMIN can create new users in Opencast |
| CVE-2020-5206 | unknown | — | — | | | | 6y ago | Authentication Bypass For Endpoints With Anonymous Access in Opencast |
| CVE-2020-5207 | unknown | — | — | | | | 6y ago | Request smuggling is possible when both chunked TE and content length specified |
| CVE-2020-5397 | unknown | — | — | | | | 7y ago | CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux |
| CVE-2020-5398 | unknown | — | — | | | | 7y ago | RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application |