CVEs from 2020
Total
3,802
critical
critical 206
high
high 563
medium
medium 743
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2136 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin | |||
| CVE-2020-2135 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Script Security Plugin | |||
| CVE-2020-2134 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Script Security Plugin | |||
| CVE-2020-2139 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Cobertura Plugin | |||
| CVE-2020-8441 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in JYaml | |||
| CVE-2020-2130 | unknown | — | — | 4y ago | Passwords stored in plain text by Harvest SCM Plugin | |||
| CVE-2020-2131 | unknown | — | — | 4y ago | Passwords stored in plain text by Harvest SCM Plugin | |||
| CVE-2020-2133 | unknown | — | — | 4y ago | Password stored in plain text by Applatix Plugin | |||
| CVE-2020-2129 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Eagle Tester Plugin | |||
| CVE-2020-2132 | unknown | — | — | 4y ago | Password stored in plain text by Parasoft Environment Manager Plugin | |||
| CVE-2020-2123 | unknown | — | — | 4y ago | RCE vulnerability in RadarGun Plugin | |||
| CVE-2020-2120 | unknown | — | — | 4y ago | XXE vulnerability in FitNesse Plugin | |||
| CVE-2020-2121 | unknown | — | — | 4y ago | RCE vulnerability in Google Kubernetes Engine Plugin | |||
| CVE-2020-2125 | unknown | — | — | 4y ago | Credentials stored in plain text by debian-package-builder Plugin | |||
| CVE-2020-2128 | unknown | — | — | 4y ago | Password stored in plain text by ECX Copy Data Management Plugin | |||
| CVE-2020-2122 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins brakeman Plugin | |||
| CVE-2020-2126 | unknown | — | — | 4y ago | Token stored in plain text by DigitalOcean Plugin | |||
| CVE-2020-2127 | unknown | — | — | 4y ago | Credential stored in plain text by BMC Release Package and Deployment Plugin | |||
| CVE-2020-2124 | unknown | — | — | 4y ago | Password stored in plain text by Dynamic Extended Choice Parameter Plugin | |||
| CVE-2020-2115 | unknown | — | — | 4y ago | XXE vulnerability in NUnit Plugin | |||
| CVE-2020-2119 | unknown | — | — | 4y ago | Client secret transmitted in plain text by Azure AD Plugin | |||
| CVE-2020-2111 | unknown | — | — | 4y ago | Subversion Plugin stored XSS vulnerability | |||
| CVE-2020-2117 | unknown | — | — | 4y ago | Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials | |||
| CVE-2020-2116 | unknown | — | — | 4y ago | CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials | |||
| CVE-2020-2109 | unknown | — | — | 4y ago | Improper Input Validation in Jenkins Pipeline: Groovy Plugin | |||
| CVE-2020-2118 | unknown | — | — | 4y ago | Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin | |||
| CVE-2020-2114 | unknown | — | — | 4y ago | Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration | |||
| CVE-2020-2113 | unknown | — | — | 4y ago | Jenkins Git Parameter Plugin vulnerable to stored cross-site scripting (XSS) | |||
| CVE-2020-2112 | unknown | — | — | 4y ago | Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS) | |||
| CVE-2020-2110 | unknown | — | — | 4y ago | Improper Input Validation in Jenkins Script Security Plugin | |||
| CVE-2020-2105 | unknown | — | — | 4y ago | Jenkins REST APIs vulnerable to clickjacking | |||
| CVE-2020-2108 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins WebSphere Deployer Plugin | |||
| CVE-2020-2106 | unknown | — | — | 4y ago | Stored XSS vulnerability in Code Coverage API Plugin | |||
| CVE-2020-2107 | unknown | — | — | 4y ago | Fortify Plugin stored credentials in plain text | |||
| CVE-2020-2100 | unknown | — | — | 4y ago | Jenkins vulnerable to UDP amplification reflection attack | |||
| CVE-2020-2102 | unknown | — | — | 4y ago | Non-constant time HMAC comparison | |||
| CVE-2020-2099 | unknown | — | — | 4y ago | Inbound TCP Agent Protocol/3 authentication bypass in Jenkins | |||
| CVE-2020-2101 | unknown | — | — | 4y ago | Non-constant time comparison of inbound TCP agent connection secret | |||
| CVE-2020-2104 | unknown | — | — | 4y ago | Memory usage graphs accessible to anyone with Overall/Read | |||
| CVE-2020-2103 | unknown | — | — | 4y ago | Jenkins Diagnostic page exposed session cookies | |||
| CVE-2020-2097 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Sounds Plugin allow OS command execution | |||
| CVE-2020-2094 | unknown | — | — | 4y ago | Missing permission checks in Health Advisor by CloudBees Plugin | |||
| CVE-2020-2095 | unknown | — | — | 4y ago | Redgate SQL Change Automation Plugin stored credentials in plain text | |||
| CVE-2020-2092 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Robot Framework Plugin | |||
| CVE-2020-2098 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution | |||
| CVE-2020-2093 | unknown | — | — | 4y ago | CSRF vulnerability in Health Advisor by CloudBees Plugin | |||
| CVE-2020-2091 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Amazon EC2 Plugin | |||
| CVE-2020-2090 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Amazon EC2 Plugin | |||
| CVE-2020-14326 | unknown | — | — | 4y ago | RESTEasy 4.5.5.Final in hash flooding | |||
| CVE-2020-35510 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in jboss-remoting | |||
| CVE-2020-1729 | unknown | — | — | 4y ago | Permissions bypass in SmallRye | |||
| CVE-2020-13401 | unknown | — | — | 4y ago | An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts… | |||
| CVE-2020-28466 | unknown | — | — | 4y ago | This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer fro… | |||
| CVE-2020-10714 | unknown | — | — | 4y ago | Session Fixation in WildFly Elytron | |||
| CVE-2020-1748 | unknown | — | — | 4y ago | Incorrect Authorization in WildFly Elytron | |||
| CVE-2020-25640 | unknown | — | — | 4y ago | Wildfly logs plaintext passwords | |||
| CVE-2020-14338 | unknown | — | — | 4y ago | Improper Input Validation in Xerces | |||
| CVE-2020-15157 | unknown | — | — | 4y ago | In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Sche… | |||
| CVE-2020-11969 | unknown | — | — | 4y ago | Missing Authentication for Critical Function in Apache TomEE | |||
| CVE-2020-9296 | unknown | — | — | 4y ago | Expression Language Injection in Netflix Conductor | |||
| CVE-2020-9495 | unknown | — | — | 4y ago | Injection in Apache Archiva | |||
| CVE-2020-9480 | unknown | — | — | 4y ago | Improper Authentication in Apache Spark | |||
| CVE-2020-11980 | unknown | — | — | 4y ago | Server-Side Request Forgery in Karaf | |||
| CVE-2020-13973 | unknown | — | — | 4y ago | Cross-site scripting in json-sanitizer | |||
| CVE-2020-15813 | unknown | — | — | 4y ago | Improper Certificate Validation in Graylog | |||
| CVE-2020-1948 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Dubbo | |||
| CVE-2020-1954 | unknown | — | — | 4y ago | Apache CXF JMX Integration is vulnerable to a MITM attack | |||
| CVE-2020-24164 | unknown | — | — | 4y ago | Gadget chain attack in Nippy | |||
| CVE-2020-13928 | unknown | — | — | 4y ago | Cross-site scripting in Apache Atlas | |||
| CVE-2020-10591 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Concord | |||
| CVE-2020-15839 | unknown | — | — | 4y ago | Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP | |||
| CVE-2020-1947 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache ShardingSphere | |||
| CVE-2020-13953 | unknown | — | — | 4y ago | Improper file downloads in Apache Tapestry | |||
| CVE-2020-2287 | unknown | — | — | 4y ago | Request logging bypass in Jenkins Audit Trail Plugin | |||
| CVE-2020-13937 | unknown | — | — | 4y ago | Authentication bypass in Apache Kylin | |||
| CVE-2020-5403 | unknown | — | — | 4y ago | Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty | |||
| CVE-2020-5404 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in Reactor Netty | |||
| CVE-2020-26882 | unknown | — | — | 4y ago | Data Amplification in Play Framework | |||
| CVE-2020-27196 | unknown | — | — | 4y ago | Out-of-bounds Write in Play Framework | |||
| CVE-2020-26883 | unknown | — | — | 4y ago | Uncontrolled Recursion in Play Framework | |||
| CVE-2020-27217 | unknown | — | — | 4y ago | Improper Validation of Specified Quantity in Input in Eclipse Hono | |||
| CVE-2020-13957 | unknown | — | — | 4y ago | Incorrect Authorization in Apache Solr | |||
| CVE-2020-13942 | unknown | — | — | 4y ago | Injection and Improper Input Validation in Apache Unomi | |||
| CVE-2020-11975 | unknown | — | — | 4y ago | Improper Input Validation in Apache Unomi | |||
| CVE-2020-7778 | unknown | — | — | 4y ago | This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. | |||
| CVE-2020-25802 | unknown | — | — | 4y ago | Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio | |||
| CVE-2020-25803 | unknown | — | — | 4y ago | Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio | |||
| CVE-2020-7780 | unknown | — | — | 4y ago | Cross-Site Request Forgery | |||
| CVE-2020-13943 | unknown | — | — | 4y ago | If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation o… | |||
| CVE-2020-8022 | unknown | — | — | 4y ago | Incorrect Default Permissions in Apache Tomcat | |||
| CVE-2020-25638 | unknown | — | — | 4y ago | SQL injection in hibernate-core | |||
| CVE-2020-25711 | unknown | — | — | 4y ago | Improper Access Control in infinispan-server-runtime | |||
| CVE-2020-28923 | unknown | — | — | 4y ago | Data Amplification in Play Framework | |||
| CVE-2020-17531 | unknown | — | — | 4y ago | Serialization vulnerability in Apache Tapestry | |||
| CVE-2020-11974 | unknown | — | — | 4y ago | Remote code execution in DolphinScheduler | |||
| CVE-2020-13931 | unknown | — | — | 4y ago | Remote code execution in Apache TomEE | |||
| CVE-2020-17533 | unknown | — | — | 4y ago | Improper privilege handling in Apache Accumulo | |||
| CVE-2020-35774 | unknown | — | — | 4y ago | TwitterServer Cross-site Scripting via /histograms endpoint | |||
| CVE-2020-13654 | unknown | — | — | 4y ago | Improper escaping in XWiki Platform | |||
| CVE-2020-17518 | unknown | — | — | 4y ago | Upload of file to arbitrary path in Apache Flink |