CVEs from 2020
Total
3,802
critical
critical 206
high
high 563
medium
medium 743
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11995 | unknown | — | — | 4y ago | Deserialization exploitation in Apache Dubbo | |||
| CVE-2020-17534 | unknown | — | — | 4y ago | Improper synchronization in Apache Netbeans HTML/Java API | |||
| CVE-2020-27219 | unknown | — | — | 4y ago | Cross-site Scripting in Eclipse Hawkbit | |||
| CVE-2020-17532 | unknown | — | — | 4y ago | Arbitrary code execution in Apache ServiceComb java-chassis | |||
| CVE-2020-23262 | unknown | — | — | 4y ago | SQL injection without credentials in ming-soft MCMS | |||
| CVE-2020-9492 | unknown | — | — | 4y ago | Improper Privilege Management in Apache Hadoop | |||
| CVE-2020-5428 | unknown | — | — | 4y ago | SQL Injection in Spring Cloud Task | |||
| CVE-2020-13920 | unknown | — | — | 4y ago | Improper Authentication in Apache ActiveMQ | |||
| CVE-2020-11998 | unknown | — | — | 4y ago | Remote code execution in Apache ActiveMQ | |||
| CVE-2020-13932 | unknown | — | — | 4y ago | Cross-site Scripting (XSS) in Apache ActiveMQ Artemis | |||
| CVE-2020-1958 | unknown | — | — | 4y ago | Credentials bypass in Apache Druid | |||
| CVE-2020-17523 | unknown | — | — | 4y ago | Authentication bypass in Apache Shiro | |||
| CVE-2020-13947 | unknown | — | — | 4y ago | Cross-site scripting (XSS) in Apache ActiveMQ | |||
| CVE-2020-17516 | unknown | — | — | 4y ago | Authentication Bypass in Apache Cassandra | |||
| CVE-2020-1718 | unknown | — | — | 4y ago | Improper Authentication for Keycloak | |||
| CVE-2020-10776 | unknown | — | — | 4y ago | Cross-site Scripting in keycloak | |||
| CVE-2020-1694 | unknown | — | — | 4y ago | Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak | |||
| CVE-2020-10758 | unknown | — | — | 4y ago | Allocation of Resources Without Limits or Throttling in Keycloak | |||
| CVE-2020-10748 | unknown | — | — | 4y ago | Cross-site Scripting in Keycloak | |||
| CVE-2020-1758 | unknown | — | — | 4y ago | Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak | |||
| CVE-2020-27782 | unknown | — | — | 4y ago | Denial of service in Undertow | |||
| CVE-2020-1926 | unknown | — | — | 4y ago | Apache Hive Information Exposure and Observable Timing Discrepancy | |||
| CVE-2020-12668 | unknown | — | — | 4y ago | Unauthorized access to Class instance in Jinjava | |||
| CVE-2020-9482 | unknown | — | — | 4y ago | Insufficient Session Expiration in Apache NiFi Registry | |||
| CVE-2020-9491 | unknown | — | — | 5y ago | Inadequate Encryption Strength in Apache NiFi | |||
| CVE-2020-9487 | unknown | — | — | 5y ago | Missing Authentication for Critical Function in Apache NiFi | |||
| CVE-2020-9486 | unknown | — | — | 5y ago | Insertion of Sensitive Information into Log File in Apache NiFi Stateless | |||
| CVE-2020-13940 | unknown | — | — | 5y ago | Improper Restriction of XML External Entity Reference in Apache NiFi | |||
| CVE-2020-1942 | unknown | — | — | 5y ago | Insertion of Sensitive Information into Log File in Apache NiFi | |||
| CVE-2020-1928 | unknown | — | — | 5y ago | Apache NiFi Insertion of Sensitive Information into Log File | |||
| CVE-2020-1933 | unknown | — | — | 5y ago | Cross-site scripting in Apache NiFi | |||
| CVE-2020-1936 | unknown | — | — | 5y ago | Cross-site Scripting (XSS) in Apache Ambari Views | |||
| CVE-2020-13936 | unknown | — | — | 5y ago | Sandbox Bypass in Apache Velocity Engine | |||
| CVE-2020-28452 | unknown | — | — | 5y ago | Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12 | |||
| CVE-2020-1952 | unknown | — | — | 5y ago | Improper Certificate Validation in Apache IoTDB | |||
| CVE-2020-1964 | unknown | — | — | 5y ago | Deserialization of Untrusted Data in Apache Heron | |||
| CVE-2020-35215 | unknown | — | — | 5y ago | Malicious Atomix node queries expose sensitive information | |||
| CVE-2020-35209 | unknown | — | — | 5y ago | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. | |||
| CVE-2020-35214 | unknown | — | — | 5y ago | An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations. | |||
| CVE-2020-35210 | unknown | — | — | 5y ago | A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. | |||
| CVE-2020-35216 | unknown | — | — | 5y ago | An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages. | |||
| CVE-2020-35213 | unknown | — | — | 5y ago | An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. | |||
| CVE-2020-35211 | unknown | — | — | 5y ago | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node. | |||
| CVE-2020-1940 | unknown | — | — | 5y ago | Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak | |||
| CVE-2020-36282 | unknown | — | — | 5y ago | Unsafe Deserialization that can Result in Code Execution | |||
| CVE-2020-28491 | unknown | — | — | 5y ago | Denial of Service (DoS) in Jackson Dataformat CBOR | |||
| CVE-2020-36189 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-36187 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-36188 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-36184 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-36180 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-36181 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-36185 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-36179 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-36182 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-24750 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-35491 | unknown | — | — | 5y ago | Serialization gadgets exploit in jackson-databind | |||
| CVE-2020-35490 | unknown | — | — | 5y ago | Serialization gadgets exploit in jackson-databind | |||
| CVE-2020-24616 | unknown | — | — | 5y ago | Code Injection in jackson-databind | |||
| CVE-2020-36186 | unknown | — | — | 5y ago | Unsafe Deserialization in jackson-databind | |||
| CVE-2020-14389 | unknown | — | — | 5y ago | Improper privilege management in Keycloak | |||
| CVE-2020-29204 | unknown | — | — | 5y ago | Cross-site Scripting in XXL-JOB | |||
| CVE-2020-8897 | unknown | — | — | 5y ago | Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness | |||
| CVE-2020-7692 | unknown | — | — | 5y ago | Improper Authorization in Google OAuth Client | |||
| CVE-2020-21122 | unknown | — | — | 5y ago | Server-Side Request Forgery in UReport | |||
| CVE-2020-21125 | unknown | — | — | 5y ago | Remote code execution in UReport | |||
| CVE-2020-1744 | unknown | — | — | 5y ago | Exposure of Sensitive Information in keycloak | |||
| CVE-2020-13929 | unknown | — | — | 5y ago | Authentication bypass in Apache Zeppelin | |||
| CVE-2020-6950 | unknown | — | — | 5y ago | Directory traversal in Eclipse Mojarra | |||
| CVE-2020-15522 | unknown | — | — | 5y ago | Timing based private key exposure in Bouncy Castle | |||
| CVE-2020-27178 | unknown | — | — | 5y ago | Improper Authentication in Apereo CAS | |||
| CVE-2020-19676 | unknown | — | — | 5y ago | Incorrect Access Control in Nacos | |||
| CVE-2020-12642 | unknown | — | — | 5y ago | XXE vulnerability in Launch import | |||
| CVE-2020-11977 | unknown | — | — | 5y ago | Shell command injection in Apache Syncope | |||
| CVE-2020-1959 | unknown | — | — | 5y ago | Expression Language Injection in Apache Syncope | |||
| CVE-2020-1961 | unknown | — | — | 5y ago | Injection in Apache Syncope | |||
| CVE-2020-10688 | unknown | — | — | 5y ago | Cross-site scripting in RESTEasy | |||
| CVE-2020-12690 | unknown | — | — | 5y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a key… | |||
| CVE-2020-25724 | unknown | — | — | 5y ago | Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy | |||
| CVE-2020-14340 | unknown | — | — | 5y ago | Uncontrolled Resource Consumption in XNIO | |||
| CVE-2020-1719 | unknown | — | — | 5y ago | Privilege Context Switching Error in wildlfy | |||
| CVE-2020-10693 | unknown | — | — | 5y ago | Improper Input Validation in Hibernate Validator | |||
| CVE-2020-25633 | unknown | — | — | 5y ago | Generation of Error Message Containing Sensitive Information in RESTEasy client | |||
| CVE-2020-11972 | unknown | — | — | 5y ago | Deserialization of Untrusted Data in Apache Camel RabbitMQ | |||
| CVE-2020-1960 | unknown | — | — | 5y ago | Command injection in Apache Flink | |||
| CVE-2020-11971 | unknown | — | — | 5y ago | Improper Input Validation in Apache Camel | |||
| CVE-2020-7709 | unknown | — | — | 5y ago | Prototype pollution in json-pointer | |||
| CVE-2020-10544 | unknown | — | — | 5y ago | Cross-site Scripting in PrimeFaces | |||
| CVE-2020-24554 | unknown | — | — | 5y ago | Open Redirect in Liferay Portal | |||
| CVE-2020-25020 | unknown | — | — | 5y ago | Improper Restriction of XML External Entity Reference in MPXJ | |||
| CVE-2020-9298 | unknown | — | — | 5y ago | Server-Side Request Forgery in Spinnaker Orca | |||
| CVE-2020-13933 | unknown | — | — | 5y ago | Authentication bypass in Apache Shiro | |||
| CVE-2020-11976 | unknown | — | — | 5y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket | |||
| CVE-2020-1951 | unknown | — | — | 5y ago | Infinite Loop in Apache Tika | |||
| CVE-2020-1950 | unknown | — | — | 5y ago | Uncontrolled Resource Consumption in Apache Tika | |||
| CVE-2020-9489 | unknown | — | — | 5y ago | Missing Release of Memory after Effective Lifetime in Apache Tika | |||
| CVE-2020-1957 | unknown | — | — | 5y ago | Improper Authentication in Apache Shiro | |||
| CVE-2020-11989 | unknown | — | — | 5y ago | Improper Authentication in Apache Shiro | |||
| CVE-2020-7712 | unknown | — | — | 5y ago | trentm/json vulnerable to command injection | |||
| CVE-2020-5421 | unknown | — | — | 5y ago | Improper Input Validation in Spring Framework |