CVEs from 2020
- Total 3,795
- critical 206
- high 563
- medium 745
- low 59
- % Critical 5.4%
- % with KEV 3.8%
- % with exploit 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-23811 | unknown | — | — | 4y ago | xxl-job sensitive data exposure | |||
| CVE-2020-2248 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins JSGames Plugin | |||
| CVE-2020-2250 | unknown | — | — | 4y ago | Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin | |||
| CVE-2020-2251 | unknown | — | — | 4y ago | Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin | |||
| CVE-2020-2243 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Cadence vManager Plugin | |||
| CVE-2020-2247 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Klocwork Analysis Plugin | |||
| CVE-2020-2244 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins Build Failure Analyzer Plugin | |||
| CVE-2020-2238 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Git Parameter Plugin | |||
| CVE-2020-2240 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Database Plugin | |||
| CVE-2020-2242 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Database Plugin | |||
| CVE-2020-2239 | unknown | — | — | 4y ago | Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin | |||
| CVE-2020-2245 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Valgrind Plugin | |||
| CVE-2020-2246 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Valgrind Plugin | |||
| CVE-2020-2249 | unknown | — | — | 4y ago | Credentials stored in plain text by Jenkins tfs Plugin | |||
| CVE-2020-2241 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Database Plugin | |||
| CVE-2020-13828 | unknown | — | — | 4y ago | Dolibarr stored Cross-Site Scripting (XSS) vulnerability | |||
| CVE-2020-24714 | unknown | — | — | 4y ago | The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. | |||
| CVE-2020-24715 | unknown | — | — | 4y ago | The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltNa… | |||
| CVE-2020-24653 | unknown | — | — | 4y ago | Expo on iOS is insecure due to incorrect security attribute application | |||
| CVE-2020-17376 | unknown | — | — | 4y ago | An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously under… | |||
| CVE-2020-15777 | unknown | — | — | 4y ago | Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data | |||
| CVE-2020-14042 | unknown | — | — | 4y ago | Codiad Cross-site Scripting Vulnerability | |||
| CVE-2020-14044 | unknown | — | — | 4y ago | Codiad SSRF Vulnerability | |||
| CVE-2020-14043 | unknown | — | — | 4y ago | Codiad CSRF Vulnerability | |||
| CVE-2020-14201 | unknown | — | — | 4y ago | Dolibarr CRM allows Privilege Escalation | |||
| CVE-2020-7019 | unknown | — | — | 4y ago | Improper privilege management in elasticsearch | |||
| CVE-2020-8226 | unknown | — | — | 4y ago | phpBB Server-Side Request Forgery Vulnerability | |||
| CVE-2020-7704 | unknown | — | — | 4y ago | linux-cmdline is vulnerable to Prototype Pollution via the constructor | |||
| CVE-2020-2235 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allows capturing credentials | |||
| CVE-2020-2237 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Flaky Test Handler Plugin | |||
| CVE-2020-2234 | unknown | — | — | 4y ago | Missing permission check in Jenkins Pipeline Maven Integration Plugin allows capturing credentials | |||
| CVE-2020-2232 | unknown | — | — | 4y ago | Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text | |||
| CVE-2020-2233 | unknown | — | — | 4y ago | Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs | |||
| CVE-2020-2236 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin | |||
| CVE-2020-16266 | unknown | — | — | 4y ago | MantisBT XSS issue on the view_all_bug_page.php | |||
| CVE-2020-9692 | unknown | — | — | 4y ago | Magento security mitigation bypass vulnerability | |||
| CVE-2020-9691 | unknown | — | — | 4y ago | Magento DOM-based Cross-site scripting vulnerability | |||
| CVE-2020-9690 | unknown | — | — | 4y ago | Magento observable timing discrepancy vulnerability | |||
| CVE-2020-9689 | unknown | — | — | 4y ago | Magento path traversal vulnerability | |||
| CVE-2020-8553 | unknown | — | — | 4y ago | ingress-nginx component for Kubernetes allows file overwrite | |||
| CVE-2020-15899 | unknown | — | — | 4y ago | Grin insufficient data validation | |||
| CVE-2020-13970 | unknown | — | — | 4y ago | Shopware vulnerable to SSRF | |||
| CVE-2020-13971 | unknown | — | — | 4y ago | Shopware vulnerable to Cross-site Scripting | |||
| CVE-2020-13997 | unknown | — | — | 4y ago | Shopware database password is leaked to unauthenticated users | |||
| CVE-2020-14297 | unknown | — | — | 4y ago | Wildfly EJB Client causes DoS | |||
| CVE-2020-15904 | unknown | — | — | 4y ago | A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. | |||
| CVE-2020-15883 | unknown | — | — | 4y ago | MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability | |||
| CVE-2020-15885 | unknown | — | — | 4y ago | MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment | |||
| CVE-2020-15881 | unknown | — | — | 4y ago | MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability | |||
| CVE-2020-15887 | unknown | — | — | 4y ago | MunkiReport Software Update module is vulnerable to SQL injection | |||
| CVE-2020-15886 | unknown | — | — | 4y ago | MunkiReport reportdata module SQL injection vulnerability | |||
| CVE-2020-15391 | unknown | — | — | 4y ago | DevSpace vulnerable to remote code execution | |||
| CVE-2020-9664 | unknown | — | — | 4y ago | Magento php object injection vulnerability | |||
| CVE-2020-9665 | unknown | — | — | 4y ago | Magento stored cross-site scripting vulnerability | |||
| CVE-2020-15873 | unknown | — | — | 4y ago | LibreNMS SQL Injection vulnerability | |||
| CVE-2020-15842 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability | |||
| CVE-2020-15841 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection | |||
| CVE-2020-13405 | unknown | — | — | 4y ago | Microweber Discloses Sensitive Information | |||
| CVE-2020-9309 | unknown | — | — | 4y ago | Silverstripe CMS malicious file upload enables script execution | |||
| CVE-2020-9311 | unknown | — | — | 4y ago | Silverstripe CMS XSS Vulnerability | |||
| CVE-2020-6165 | unknown | — | — | 4y ago | Silverstripe has Incorrect Default Permissions | |||
| CVE-2020-6164 | unknown | — | — | 4y ago | Silverstripe CMS information disclosure | |||
| CVE-2020-2222 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins 'keep forever' badge icon | |||
| CVE-2020-2225 | unknown | — | — | 4y ago | Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin | |||
| CVE-2020-2227 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Deployer Framework Plugin | |||
| CVE-2020-2226 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin | |||
| CVE-2020-2228 | unknown | — | — | 4y ago | Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin | |||
| CVE-2020-2220 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins job build time trend | |||
| CVE-2020-2221 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins upstream cause | |||
| CVE-2020-2223 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins console links | |||
| CVE-2020-2224 | unknown | — | — | 4y ago | Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin | |||
| CVE-2020-15517 | unknown | — | — | 4y ago | ke_search for Typo3 XSS Vulnerability | |||
| CVE-2020-15514 | unknown | — | — | 4y ago | jh_captcha for Typo3 XSS Vulnerability | |||
| CVE-2020-2217 | unknown | — | — | 4y ago | Reflected XSS in Jenkins Compatibility Action Storage Plugin | |||
| CVE-2020-2219 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Link Column Plugin | |||
| CVE-2020-2216 | unknown | — | — | 4y ago | Missing permission checks in Zephyr for JIRA Test Management Plugin | |||
| CVE-2020-2218 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins HP ALM Quality Center Plugin | |||
| CVE-2020-2215 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin | |||
| CVE-2020-2214 | unknown | — | — | 4y ago | Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin | |||
| CVE-2020-2207 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins VncViewer Plugin | |||
| CVE-2020-2204 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Fortify on Demand Plugin | |||
| CVE-2020-2206 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins VncRecorder Plugin | |||
| CVE-2020-2211 | unknown | — | — | 4y ago | RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin | |||
| CVE-2020-2209 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins TestComplete support Plugin | |||
| CVE-2020-2213 | unknown | — | — | 4y ago | Credentials stored in plain text by Jenkins White Source Plugin | |||
| CVE-2020-2210 | unknown | — | — | 4y ago | Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin | |||
| CVE-2020-2212 | unknown | — | — | 4y ago | Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin | |||
| CVE-2020-2208 | unknown | — | — | 4y ago | Secret stored in plain text by Jenkins Slack Upload Plugin | |||
| CVE-2020-2203 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Fortify on Demand Plugin | |||
| CVE-2020-2205 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins VncRecorder Plugin | |||
| CVE-2020-2201 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin | |||
| CVE-2020-2202 | unknown | — | — | 4y ago | Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin | |||
| CVE-2020-9630 | unknown | — | — | 4y ago | Magento business logic error vulnerability | |||
| CVE-2020-9632 | unknown | — | — | 4y ago | Magento security mitigation bypass vulnerability | |||
| CVE-2020-9631 | unknown | — | — | 4y ago | Magento security mitigation bypass vulnerability | |||
| CVE-2020-9591 | unknown | — | — | 4y ago | Magento defense-in-depth security mitigation vulnerability | |||
| CVE-2020-9584 | unknown | — | — | 4y ago | Magento Stored cross-site scripting | |||
| CVE-2020-9588 | unknown | — | — | 4y ago | Magento Signature verification bypass | |||
| CVE-2020-9582 | unknown | — | — | 4y ago | Magento command injection vulnerability | |||
| CVE-2020-9585 | unknown | — | — | 4y ago | Magento Defense-in-depth security mitigation vulnerability |