VIR Vulnerability Intelligence Relay

CVEs from 2020

3,794 normalized CVEs published or assigned in this year.

Total
3,794
critical
critical 206
high
high 563
medium
medium 744
low
low 60
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%

Top vendors

Top products

  • retail_xstore_point_of_service 33
  • banking_digital_experience 30
  • primavera_unifier 29
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 13
  • insurance_policy_administration_j2ee 11
  • communications_network_charging_and_control 10
  • enterprise_manager_base_platform 10

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2020-15106 unknown 4y ago In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on …
CVE-2020-15112 unknown 4y ago In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are b…
CVE-2020-23622 unknown 4y ago 4thline cling uPnP protocol issue can lead to denial of service
CVE-2020-7677 unknown 4y ago thenify before 3.3.1 made use of unsafe calls to `eval`.
CVE-2020-28191 unknown 4y ago Togglz console missing cross-site request forgery (CSRF) protection
CVE-2020-10650 unknown 4y ago A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta…
CVE-2020-28865 unknown 4y ago Insufficiently Protected Credentials in PowerJob
CVE-2020-28088 unknown 4y ago Jeecg-Boot CMS arbitrary file upload vulnerability
CVE-2020-7021 unknown 4y ago Insertion of Sensitive Information into Log File in Elasticsearch
CVE-2020-29582 unknown 4y ago Incorrect Default Permissions in JetBrains Kotlin
CVE-2020-25476 unknown 4y ago Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter
CVE-2020-8920 unknown 4y ago Information leak in Gerrit
CVE-2020-16971 unknown 4y ago Azure SDK for Java Security Feature Bypass Vulnerability
CVE-2020-27822 unknown 4y ago Wildfly has a memory leak vulnerability
CVE-2020-2322 unknown 4y ago Missing permission checks in Jenkins Chaos Monkey Plugin
CVE-2020-2320 unknown 4y ago Jenkins Plugin Installation Manager Tool did not verify plugin downloads
CVE-2020-2324 unknown 4y ago XXE vulnerability in Jenkins CVS Plugin
CVE-2020-2323 unknown 4y ago Missing permission checks in Jenkins Chaos Monkey Plugin
CVE-2020-2321 unknown 4y ago CSRF vulnerability in Jenkins Shelve Project Plugin
CVE-2020-2318 unknown 4y ago Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
CVE-2020-2319 unknown 4y ago Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
CVE-2020-2316 unknown 4y ago Stored XSS vulnerability in Jenkins Static Analysis Utilities Plugin
CVE-2020-2311 unknown 4y ago Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration
CVE-2020-2309 unknown 4y ago Missing authorization in Jenkins Kubernetes Plugin
CVE-2020-2315 unknown 4y ago XXE vulnerability in Jenkins Visualworks Store Plugin
CVE-2020-2314 unknown 4y ago Password stored in plain text by Jenkins AppSpider Plugin
CVE-2020-2312 unknown 4y ago Password written to the build log by Jenkins SQLPlus Script Runner Plugin
CVE-2020-2310 unknown 4y ago Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs
CVE-2020-2313 unknown 4y ago Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs
CVE-2020-2308 unknown 4y ago Missing Authorization in Jenkins Kubernetes Plugin
CVE-2020-2306 unknown 4y ago Missing Authorization in Jenkins Mercurial Plugin
CVE-2020-2301 unknown 4y ago Authentication cache in Active Directory Jenkins Plugin allows logging in with any password
CVE-2020-2302 unknown 4y ago Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page
CVE-2020-2303 unknown 4y ago CSRF vulnerability in Jenkins Active Directory Plugin
CVE-2020-2300 unknown 4y ago Improper Authentication (empty password) in Jenkins Active Directory Plugin
CVE-2020-2307 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin
CVE-2020-2299 unknown 4y ago Improper Authentication in Jenkins Active Directory Plugin
CVE-2020-2304 unknown 4y ago XXE vulnerability in Jenkins Subversion Plugin
CVE-2020-2305 unknown 4y ago XXE vulnerability in Jenkins Mercurial Plugin
CVE-2020-25689 unknown 4y ago Uncontrolled Resource Consumption in WildFly
CVE-2020-10721 unknown 4y ago fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution
CVE-2020-2297 unknown 4y ago Access token stored in plain text by Jenkins SMS Notification Plugin
CVE-2020-2298 unknown 4y ago XXE vulnerability in Jenkins Nerrvana Plugin
CVE-2020-2294 unknown 4y ago Missing permission checks in Jenkins Maven Cascade Release Plugin
CVE-2020-2295 unknown 4y ago CSRF vulnerability in Jenkins Maven Cascade Release Plugin
CVE-2020-2288 unknown 4y ago Incorrect default pattern in Jenkins Audit Trail Plugin
CVE-2020-2293 unknown 4y ago Arbitrary file read vulnerability in Jenkins Persona Plugin
CVE-2020-2289 unknown 4y ago Stored XSS vulnerability in Jenkins Active Choices Plugin
CVE-2020-2290 unknown 4y ago Stored XSS vulnerability in Jenkins Active Choices Plugin
CVE-2020-2296 unknown 4y ago CSRF vulnerability in Jenkins Shared Objects Plugin
CVE-2020-2292 unknown 4y ago Stored XSS vulnerability in Jenkins Release Plugin
CVE-2020-2291 unknown 4y ago Password stored in plain text by Jenkins couchdb-statistics Plugin
CVE-2020-25644 unknown 4y ago Wildfly-OpenSSL memory leak flaw
CVE-2020-15840 unknown 4y ago Liferay Portal and Liferay DXP Bypass via Double Encoded URL
CVE-2020-2284 unknown 4y ago XXE vulnerability in Jenkins Liquibase Runner Plugin
CVE-2020-2283 unknown 4y ago Stored XSS vulnerability in Jenkins Liquibase Runner Plugin
CVE-2020-2281 unknown 4y ago CSRF vulnerability in Jenkins Lockable Resources Plugin
CVE-2020-2280 unknown 4y ago CSRF vulnerability in Jenkins warnings Plugin allows remote code execution
CVE-2020-2285 unknown 4y ago Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
CVE-2020-2279 unknown 4y ago Sandbox bypass vulnerability in Jenkins Script Security Plugin
CVE-2020-2282 unknown 4y ago Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin
CVE-2020-2273 unknown 4y ago CSRF vulnerability in Jenkins ElasTest Plugin
CVE-2020-2276 unknown 4y ago System command execution vulnerability in Selection tasks Jenkins Plugin
CVE-2020-2275 unknown 4y ago Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin
CVE-2020-2277 unknown 4y ago Arbitrary file read vulnerability in Jenkins Storable Configs Plugin
CVE-2020-2272 unknown 4y ago Missing permission checks in Jenkins ElasTest Plugin
CVE-2020-2274 unknown 4y ago Passwords stored in plain text by ElasTest Plugin
CVE-2020-2278 unknown 4y ago Arbitrary file write vulnerability in Jenkins Storable Configs Plugin
CVE-2020-2268 unknown 4y ago CSRF vulnerability in MongoDB Plugin
CVE-2020-2271 unknown 4y ago Stored XSS vulnerability in Locked Files Report Plugin
CVE-2020-2267 unknown 4y ago Missing permission checks in MongoDB Plugin
CVE-2020-2265 unknown 4y ago Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin
CVE-2020-2266 unknown 4y ago Stored XSS vulnerability in Description Column Plugin
CVE-2020-2260 unknown 4y ago Missing permission check in Perfecto Plugin
CVE-2020-2261 unknown 4y ago OS command execution vulnerability in Perfecto Plugin
CVE-2020-2270 unknown 4y ago Stored XSS vulnerability in ClearCase Release Plugin
CVE-2020-2264 unknown 4y ago Stored XSS vulnerability in Custom Job Icon Plugin
CVE-2020-2262 unknown 4y ago Stored XSS vulnerability in android-lint Plugin
CVE-2020-2255 unknown 4y ago Missing permission check in Blue Ocean Plugin
CVE-2020-2263 unknown 4y ago Stored XSS vulnerability in Radiator View Plugin
CVE-2020-2259 unknown 4y ago Stored XSS vulnerability in computer-queue-plugin Plugin
CVE-2020-2257 unknown 4y ago Stored XSS vulnerability in Validating String Parameter Plugin
CVE-2020-2258 unknown 4y ago Incorrect permission check in Health Advisor by CloudBees Plugin
CVE-2020-2256 unknown 4y ago Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name
CVE-2020-2252 unknown 4y ago Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
CVE-2020-2254 unknown 4y ago Path traversal vulnerability in Blue Ocean Plugin
CVE-2020-2253 unknown 4y ago Missing hostname validation in Email Extension Plugin
CVE-2020-23811 unknown 4y ago xxl-job sensitive data exposure
CVE-2020-23814 unknown 4y ago xxl-job Multiple cross-site scripting (XSS) vulnerabilities
CVE-2020-2243 unknown 4y ago Stored XSS vulnerability in Jenkins Cadence vManager Plugin
CVE-2020-2248 unknown 4y ago Reflected XSS vulnerability in Jenkins JSGames Plugin
CVE-2020-2244 unknown 4y ago XSS vulnerability in Jenkins Build Failure Analyzer Plugin
CVE-2020-2247 unknown 4y ago XXE vulnerability in Jenkins Klocwork Analysis Plugin
CVE-2020-2251 unknown 4y ago Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
CVE-2020-2250 unknown 4y ago Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
CVE-2020-2241 unknown 4y ago CSRF vulnerability in Jenkins Database Plugin
CVE-2020-2238 unknown 4y ago Stored XSS vulnerability in Jenkins Git Parameter Plugin
CVE-2020-2239 unknown 4y ago Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
CVE-2020-2245 unknown 4y ago XXE vulnerability in Jenkins Valgrind Plugin
CVE-2020-2242 unknown 4y ago Missing permission checks in Jenkins Database Plugin