CVEs from 2020
Total
3,992
critical
critical 169
high
high 590
medium
medium 739
low
low 59
% Critical
4.2%
% with KEV
3.7%
% with exploit
4.0%
Top vendors
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2256 | unknown | — | — | 4y ago | Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name | |||
| CVE-2020-2252 | unknown | — | — | 4y ago | Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin | |||
| CVE-2020-2263 | unknown | — | — | 4y ago | Stored XSS vulnerability in Radiator View Plugin | |||
| CVE-2020-2258 | unknown | — | — | 4y ago | Incorrect permission check in Health Advisor by CloudBees Plugin | |||
| CVE-2020-2254 | unknown | — | — | 4y ago | Path traversal vulnerability in Blue Ocean Plugin | |||
| CVE-2020-2253 | unknown | — | — | 4y ago | Missing hostname validation in Email Extension Plugin | |||
| CVE-2020-23811 | unknown | — | — | 4y ago | xxl-job sensitive data exposure | |||
| CVE-2020-23814 | unknown | — | — | 4y ago | xxl-job Multiple cross-site scripting (XSS) vulnerabilities | |||
| CVE-2020-2250 | unknown | — | — | 4y ago | Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin | |||
| CVE-2020-2244 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins Build Failure Analyzer Plugin | |||
| CVE-2020-2251 | unknown | — | — | 4y ago | Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin | |||
| CVE-2020-2248 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins JSGames Plugin | |||
| CVE-2020-2243 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Cadence vManager Plugin | |||
| CVE-2020-2247 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Klocwork Analysis Plugin | |||
| CVE-2020-2242 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Database Plugin | |||
| CVE-2020-2241 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Database Plugin | |||
| CVE-2020-2246 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Valgrind Plugin | |||
| CVE-2020-2239 | unknown | — | — | 4y ago | Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin | |||
| CVE-2020-2238 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Git Parameter Plugin | |||
| CVE-2020-2249 | unknown | — | — | 4y ago | Credentials stored in plain text by Jenkins tfs Plugin | |||
| CVE-2020-2245 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Valgrind Plugin | |||
| CVE-2020-2240 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Database Plugin | |||
| CVE-2020-17376 | unknown | — | — | 4y ago | An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously under… | |||
| CVE-2020-15777 | unknown | — | — | 4y ago | Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data | |||
| CVE-2020-7019 | unknown | — | — | 4y ago | Improper privilege management in elasticsearch | |||
| CVE-2020-2237 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Flaky Test Handler Plugin | |||
| CVE-2020-2235 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials | |||
| CVE-2020-2231 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2020-2233 | unknown | — | — | 4y ago | Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs | |||
| CVE-2020-2229 | unknown | — | — | 4y ago | Jenkins Cross-Site Scripting vulnerability in help icons | |||
| CVE-2020-2234 | unknown | — | — | 4y ago | Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials | |||
| CVE-2020-2230 | unknown | — | — | 4y ago | Jenkins Cross-site Scripting vulnerability in project naming strategy | |||
| CVE-2020-2236 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin | |||
| CVE-2020-2232 | unknown | — | — | 4y ago | Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text | |||
| CVE-2020-14297 | unknown | — | — | 4y ago | Wildfly EJB Client causes DoS | |||
| CVE-2020-15842 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability | |||
| CVE-2020-15841 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection | |||
| CVE-2020-2227 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Deployer Framework Plugin | |||
| CVE-2020-2226 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin | |||
| CVE-2020-2222 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins 'keep forever' badge icon | |||
| CVE-2020-2228 | unknown | — | — | 4y ago | Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin | |||
| CVE-2020-2225 | unknown | — | — | 4y ago | Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin | |||
| CVE-2020-2220 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins job build time trend | |||
| CVE-2020-2221 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins upstream cause | |||
| CVE-2020-2224 | unknown | — | — | 4y ago | Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin | |||
| CVE-2020-2223 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins console links | |||
| CVE-2020-2215 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin | |||
| CVE-2020-2217 | unknown | — | — | 4y ago | Reflected XSS in Jenkins Compatibility Action Storage Plugin | |||
| CVE-2020-2214 | unknown | — | — | 4y ago | Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin | |||
| CVE-2020-2218 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins HP ALM Quality Center Plugin | |||
| CVE-2020-2216 | unknown | — | — | 4y ago | Missing permission checks in Zephyr for JIRA Test Management Plugin | |||
| CVE-2020-2219 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Link Column Plugin | |||
| CVE-2020-2211 | unknown | — | — | 4y ago | RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin | |||
| CVE-2020-2208 | unknown | — | — | 4y ago | Secret stored in plain text by Jenkins Slack Upload Plugin | |||
| CVE-2020-2210 | unknown | — | — | 4y ago | Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin | |||
| CVE-2020-2204 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Fortify on Demand Plugin | |||
| CVE-2020-2213 | unknown | — | — | 4y ago | Credentials stored in plain text by Jenkins White Source Plugin | |||
| CVE-2020-2209 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins TestComplete support Plugin | |||
| CVE-2020-2207 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins VncViewer Plugin | |||
| CVE-2020-2212 | unknown | — | — | 4y ago | Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin | |||
| CVE-2020-2206 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins VncRecorder Plugin | |||
| CVE-2020-2202 | unknown | — | — | 4y ago | Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin | |||
| CVE-2020-2201 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin | |||
| CVE-2020-2203 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Fortify on Demand Plugin | |||
| CVE-2020-2205 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins VncRecorder Plugin | |||
| CVE-2020-10727 | unknown | — | — | 4y ago | nsufficiently Protected Credentials in ActiveMQ Artemis | |||
| CVE-2020-10740 | unknown | — | — | 4y ago | Wildfly Unsafe Deserialization Vulnerability | |||
| CVE-2020-5411 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Spring Batch | |||
| CVE-2020-13445 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution | |||
| CVE-2020-13444 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Fails to Sanitize API Data | |||
| CVE-2020-2198 | unknown | — | — | 4y ago | Missing permission check in Jenkins Project Inheritance Plugin | |||
| CVE-2020-2200 | unknown | — | — | 4y ago | OS command injection vulnerability in Jenkins Play Framework Plugin | |||
| CVE-2020-2199 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin | |||
| CVE-2020-2197 | unknown | — | — | 4y ago | Missing permission check in Jenkins Project Inheritance Plugin | |||
| CVE-2020-2192 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Swarm Plugin | |||
| CVE-2020-2191 | unknown | — | — | 4y ago | Improper permission checks in Jenkins Swarm Plugin | |||
| CVE-2020-2196 | unknown | — | — | 4y ago | Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection | |||
| CVE-2020-2193 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins ECharts API Plugin | |||
| CVE-2020-2194 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins ECharts API Plugin | |||
| CVE-2020-2190 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin | |||
| CVE-2020-2195 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Compact Columns Plugin | |||
| CVE-2020-13226 | unknown | — | — | 4y ago | WSO2 API Manager vulnerable to SSRF | |||
| CVE-2020-1724 | unknown | — | — | 4y ago | Keycloak Insufficient Session Expiry | |||
| CVE-2020-1698 | unknown | — | — | 4y ago | Keycloak leaks sensitive information in logged exceptions | |||
| CVE-2020-12760 | unknown | — | — | 4y ago | OpenNMS Horizon RCE via Unsafe Deserialization | |||
| CVE-2020-12692 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then … | |||
| CVE-2020-12691 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then … | |||
| CVE-2020-12689 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escala… | |||
| CVE-2020-2187 | unknown | — | — | 4y ago | Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin | |||
| CVE-2020-2182 | unknown | — | — | 4y ago | Improper masking of some secrets in Jenkins Credentials Binding Plugin | |||
| CVE-2020-2186 | unknown | — | — | 4y ago | CSRF vulnerability in Amazon EC2 Plugin | |||
| CVE-2020-2185 | unknown | — | — | 4y ago | Missing SSH host key validation in Jenkins Amazon EC2 Plugin | |||
| CVE-2020-2188 | unknown | — | — | 4y ago | Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin | |||
| CVE-2020-2189 | unknown | — | — | 4y ago | RCE vulnerability in SCM Filter Jervis Plugin | |||
| CVE-2020-2181 | unknown | — | — | 4y ago | Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps | |||
| CVE-2020-2184 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins CVS Plugin | |||
| CVE-2020-2183 | unknown | — | — | 4y ago | Improper permission checks in Jenkins Copy Artifact Plugin | |||
| CVE-2020-10686 | unknown | — | — | 4y ago | Keycloak users may be able to remove MFA from other users' devices | |||
| CVE-2020-1745 | unknown | — | — | 4y ago | Improper Authorization in Undertoe | |||
| CVE-2020-1757 | unknown | — | — | 4y ago | Improper Input Validation in Undertow |