VIR Vulnerability Intelligence Relay

CVEs from 2020

3,976 normalized CVEs published or assigned in this year.

Total
3,976
critical
critical 169
high
high 590
medium
medium 739
low
low 59
% Critical
4.3%
% with KEV
3.7%
% with exploit
4.0%

Top vendors

Top products

  • retail_xstore_point_of_service 33
  • banking_digital_experience 30
  • primavera_unifier 29
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 13
  • insurance_policy_administration_j2ee 11
  • communications_network_charging_and_control 10
  • enterprise_manager_base_platform 10

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2020-2265 unknown 4y ago Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin
CVE-2020-2261 unknown 4y ago OS command execution vulnerability in Perfecto Plugin
CVE-2020-2260 unknown 4y ago Missing permission check in Perfecto Plugin
CVE-2020-2268 unknown 4y ago CSRF vulnerability in MongoDB Plugin
CVE-2020-2270 unknown 4y ago Stored XSS vulnerability in ClearCase Release Plugin
CVE-2020-2264 unknown 4y ago Stored XSS vulnerability in Custom Job Icon Plugin
CVE-2020-2259 unknown 4y ago Stored XSS vulnerability in computer-queue-plugin Plugin
CVE-2020-2252 unknown 4y ago Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
CVE-2020-2263 unknown 4y ago Stored XSS vulnerability in Radiator View Plugin
CVE-2020-2257 unknown 4y ago Stored XSS vulnerability in Validating String Parameter Plugin
CVE-2020-2256 unknown 4y ago Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name
CVE-2020-2255 unknown 4y ago Missing permission check in Blue Ocean Plugin
CVE-2020-2262 unknown 4y ago Stored XSS vulnerability in android-lint Plugin
CVE-2020-2258 unknown 4y ago Incorrect permission check in Health Advisor by CloudBees Plugin
CVE-2020-2253 unknown 4y ago Missing hostname validation in Email Extension Plugin
CVE-2020-2254 unknown 4y ago Path traversal vulnerability in Blue Ocean Plugin
CVE-2020-23814 unknown 4y ago xxl-job Multiple cross-site scripting (XSS) vulnerabilities
CVE-2020-23811 unknown 4y ago xxl-job sensitive data exposure
CVE-2020-2243 unknown 4y ago Stored XSS vulnerability in Jenkins Cadence vManager Plugin
CVE-2020-2248 unknown 4y ago Reflected XSS vulnerability in Jenkins JSGames Plugin
CVE-2020-2244 unknown 4y ago XSS vulnerability in Jenkins Build Failure Analyzer Plugin
CVE-2020-2247 unknown 4y ago XXE vulnerability in Jenkins Klocwork Analysis Plugin
CVE-2020-2250 unknown 4y ago Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
CVE-2020-2251 unknown 4y ago Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
CVE-2020-2249 unknown 4y ago Credentials stored in plain text by Jenkins tfs Plugin
CVE-2020-2245 unknown 4y ago XXE vulnerability in Jenkins Valgrind Plugin
CVE-2020-2242 unknown 4y ago Missing permission checks in Jenkins Database Plugin
CVE-2020-2241 unknown 4y ago CSRF vulnerability in Jenkins Database Plugin
CVE-2020-2246 unknown 4y ago Stored XSS vulnerability in Jenkins Valgrind Plugin
CVE-2020-2240 unknown 4y ago CSRF vulnerability in Jenkins Database Plugin
CVE-2020-2238 unknown 4y ago Stored XSS vulnerability in Jenkins Git Parameter Plugin
CVE-2020-2239 unknown 4y ago Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
CVE-2020-17376 unknown 4y ago An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously under…
CVE-2020-15777 unknown 4y ago Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data
CVE-2020-7019 unknown 4y ago Improper privilege management in elasticsearch
CVE-2020-2235 unknown 4y ago CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
CVE-2020-2237 unknown 4y ago CSRF vulnerability in Jenkins Flaky Test Handler Plugin
CVE-2020-2233 unknown 4y ago Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
CVE-2020-2234 unknown 4y ago Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
CVE-2020-2231 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2236 unknown 4y ago Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
CVE-2020-2232 unknown 4y ago Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
CVE-2020-2230 unknown 4y ago Jenkins Cross-site Scripting vulnerability in project naming strategy
CVE-2020-2229 unknown 4y ago Jenkins Cross-Site Scripting vulnerability in help icons
CVE-2020-14297 unknown 4y ago Wildfly EJB Client causes DoS
CVE-2020-15842 unknown 4y ago Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability
CVE-2020-15841 unknown 4y ago Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection
CVE-2020-2226 unknown 4y ago Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
CVE-2020-2225 unknown 4y ago Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin
CVE-2020-2222 unknown 4y ago Stored XSS vulnerability in Jenkins 'keep forever' badge icon
CVE-2020-2227 unknown 4y ago Stored XSS vulnerability in Jenkins Deployer Framework Plugin
CVE-2020-2228 unknown 4y ago Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin
CVE-2020-2223 unknown 4y ago Stored XSS vulnerability in Jenkins console links
CVE-2020-2224 unknown 4y ago Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin
CVE-2020-2220 unknown 4y ago Stored XSS vulnerability in Jenkins job build time trend
CVE-2020-2221 unknown 4y ago Stored XSS vulnerability in Jenkins upstream cause
CVE-2020-2216 unknown 4y ago Missing permission checks in Zephyr for JIRA Test Management Plugin
CVE-2020-2219 unknown 4y ago Stored XSS vulnerability in Jenkins Link Column Plugin
CVE-2020-2214 unknown 4y ago Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin
CVE-2020-2218 unknown 4y ago Password stored in plain text by Jenkins HP ALM Quality Center Plugin
CVE-2020-2217 unknown 4y ago Reflected XSS in Jenkins Compatibility Action Storage Plugin
CVE-2020-2215 unknown 4y ago CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin
CVE-2020-2204 unknown 4y ago Missing permission checks in Jenkins Fortify on Demand Plugin
CVE-2020-2206 unknown 4y ago Reflected XSS vulnerability in Jenkins VncRecorder Plugin
CVE-2020-2207 unknown 4y ago Reflected XSS vulnerability in Jenkins VncViewer Plugin
CVE-2020-2213 unknown 4y ago Credentials stored in plain text by Jenkins White Source Plugin
CVE-2020-2210 unknown 4y ago Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
CVE-2020-2211 unknown 4y ago RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
CVE-2020-2209 unknown 4y ago Password stored in plain text by Jenkins TestComplete support Plugin
CVE-2020-2208 unknown 4y ago Secret stored in plain text by Jenkins Slack Upload Plugin
CVE-2020-2212 unknown 4y ago Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin
CVE-2020-2205 unknown 4y ago Stored XSS vulnerability in Jenkins VncRecorder Plugin
CVE-2020-2203 unknown 4y ago CSRF vulnerability in Jenkins Fortify on Demand Plugin
CVE-2020-2201 unknown 4y ago Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin
CVE-2020-2202 unknown 4y ago Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin
CVE-2020-10727 unknown 4y ago nsufficiently Protected Credentials in ActiveMQ Artemis
CVE-2020-10740 unknown 4y ago Wildfly Unsafe Deserialization Vulnerability
CVE-2020-5411 unknown 4y ago Deserialization of Untrusted Data in Spring Batch
CVE-2020-13445 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution
CVE-2020-13444 unknown 4y ago Liferay Portal and Liferay DXP Fails to Sanitize API Data
CVE-2020-2199 unknown 4y ago XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin
CVE-2020-2197 unknown 4y ago Missing permission check in Jenkins Project Inheritance Plugin
CVE-2020-2192 unknown 4y ago CSRF vulnerability in Jenkins Swarm Plugin
CVE-2020-2200 unknown 4y ago OS command injection vulnerability in Jenkins Play Framework Plugin
CVE-2020-2198 unknown 4y ago Missing permission check in Jenkins Project Inheritance Plugin
CVE-2020-2191 unknown 4y ago Improper permission checks in Jenkins Swarm Plugin
CVE-2020-2194 unknown 4y ago Stored XSS vulnerability in Jenkins ECharts API Plugin
CVE-2020-2195 unknown 4y ago Stored XSS vulnerability in Jenkins Compact Columns Plugin
CVE-2020-2196 unknown 4y ago Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
CVE-2020-2190 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin
CVE-2020-2193 unknown 4y ago Stored XSS vulnerability in Jenkins ECharts API Plugin
CVE-2020-13226 unknown 4y ago WSO2 API Manager vulnerable to SSRF
CVE-2020-1698 unknown 4y ago Keycloak leaks sensitive information in logged exceptions
CVE-2020-1724 unknown 4y ago Keycloak Insufficient Session Expiry
CVE-2020-12760 unknown 4y ago OpenNMS Horizon RCE via Unsafe Deserialization
CVE-2020-12692 unknown 4y ago An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then …
CVE-2020-12691 unknown 4y ago An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then …
CVE-2020-12689 unknown 4y ago An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escala…
CVE-2020-2187 unknown 4y ago Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin
CVE-2020-2189 unknown 4y ago RCE vulnerability in SCM Filter Jervis Plugin