CVEs from 2020
- Total: 3,974
- Critical: 184
- High: 576
- Medium: 738
- Low: 59
- % Critical: 4.6%
- % with KEV: 3.7%
- % with exploit: 5.1%
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2098 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution |
| CVE-2020-2094 | unknown | — | — | | | | 4y ago | Missing permission checks in Health Advisor by CloudBees Plugin |
| CVE-2020-2092 | unknown | — | — | | | | 4y ago | XXE vulnerability in Jenkins Robot Framework Plugin |
| CVE-2020-2090 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Amazon EC2 Plugin |
| CVE-2020-2091 | unknown | — | — | | | | 4y ago | Missing permission checks in Jenkins Amazon EC2 Plugin |
| CVE-2020-2093 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Health Advisor by CloudBees Plugin |
| CVE-2020-14326 | unknown | — | — | | | | 4y ago | RESTEasy 4.5.5.Final in hash flooding |
| CVE-2020-35510 | unknown | — | — | | | | 4y ago | Uncontrolled Resource Consumption in jboss-remoting |
| CVE-2020-1729 | unknown | — | — | | | | 4y ago | Permissions bypass in SmallRye |
| CVE-2020-28466 | unknown | — | — | | | | 4y ago | This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer fro… |
| CVE-2020-13401 | unknown | — | — | | | | 4y ago | An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts… |
| CVE-2020-10714 | unknown | — | — | | | | 4y ago | Session Fixation in WildFly Elytron |
| CVE-2020-1748 | unknown | — | — | | | | 4y ago | Incorrect Authorization in WildFly Elytron |
| CVE-2020-25640 | unknown | — | — | | | | 4y ago | Wildfly logs plaintext passwords |
| CVE-2020-14338 | unknown | — | — | | | | 4y ago | Improper Input Validation in Xerces |
| CVE-2020-15157 | unknown | — | — | | | | 4y ago | In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Sche… |
| CVE-2020-11969 | unknown | — | — | | | | 4y ago | Missing Authentication for Critical Function in Apache TomEE |
| CVE-2020-9296 | unknown | — | — | | | | 4y ago | Expression Language Injection in Netflix Conductor |
| CVE-2020-9495 | unknown | — | — | | | | 4y ago | Injection in Apache Archiva |
| CVE-2020-9480 | unknown | — | — | | | | 4y ago | Improper Authentication in Apache Spark |
| CVE-2020-11980 | unknown | — | — | | | | 4y ago | Server-Side Request Forgery in Karaf |
| CVE-2020-13973 | unknown | — | — | | | | 4y ago | Cross-site scripting in json-sanitizer |
| CVE-2020-15813 | unknown | — | — | | | | 4y ago | Improper Certificate Validation in Graylog |
| CVE-2020-1948 | unknown | — | — | | | | 4y ago | Deserialization of Untrusted Data in Apache Dubbo |
| CVE-2020-1954 | unknown | — | — | | | | 4y ago | Apache CXF JMX Integration is vulnerable to a MITM attack |
| CVE-2020-24164 | unknown | — | — | | | | 4y ago | Gadget chain attack in Nippy |
| CVE-2020-13928 | unknown | — | — | | | | 4y ago | Cross-site scripting in Apache Atlas |
| CVE-2020-10591 | unknown | — | — | | | | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Concord |
| CVE-2020-15839 | unknown | — | — | | | | 4y ago | Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP |
| CVE-2020-1947 | unknown | — | — | | | | 4y ago | Deserialization of Untrusted Data in Apache ShardingSphere |
| CVE-2020-13953 | unknown | — | — | | | | 4y ago | Improper file downloads in Apache Tapestry |
| CVE-2020-2287 | unknown | — | — | | | | 4y ago | Request logging bypass in Jenkins Audit Trail Plugin |
| CVE-2020-13937 | unknown | — | — | | | | 4y ago | Authentication bypass in Apache Kylin |
| CVE-2020-5403 | unknown | — | — | | | | 4y ago | Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty |
| CVE-2020-5404 | unknown | — | — | | | | 4y ago | Insufficiently Protected Credentials in Reactor Netty |
| CVE-2020-26882 | unknown | — | — | | | | 4y ago | Data Amplification in Play Framework |
| CVE-2020-27196 | unknown | — | — | | | | 4y ago | Out-of-bounds Write in Play Framework |
| CVE-2020-26883 | unknown | — | — | | | | 4y ago | Uncontrolled Recursion in Play Framework |
| CVE-2020-27217 | unknown | — | — | | | | 4y ago | Improper Validation of Specified Quantity in Input in Eclipse Hono |
| CVE-2020-13957 | unknown | — | — | | | | 4y ago | Incorrect Authorization in Apache Solr |
| CVE-2020-13942 | unknown | — | — | | | | 4y ago | Injection and Improper Input Validation in Apache Unomi |
| CVE-2020-11975 | unknown | — | — | | | | 4y ago | Improper Input Validation in Apache Unomi |
| CVE-2020-25802 | unknown | — | — | | | | 4y ago | Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio |
| CVE-2020-25803 | unknown | — | — | | | | 4y ago | Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio |
| CVE-2020-7780 | unknown | — | — | | | | 4y ago | Cross-Site Request Forgery |
| CVE-2020-13943 | unknown | — | — | | | | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
| CVE-2020-8022 | unknown | — | — | | | | 4y ago | Incorrect Default Permissions in Apache Tomcat |
| CVE-2020-25638 | unknown | — | — | | | | 4y ago | SQL injection in hibernate-core |
| CVE-2020-25711 | unknown | — | — | | | | 4y ago | Improper Access Control in infinispan-server-runtime |
| CVE-2020-28923 | unknown | — | — | | | | 4y ago | Data Amplification in Play Framework |
| CVE-2020-17531 | unknown | — | — | | | | 4y ago | Serialization vulnerability in Apache Tapestry |
| CVE-2020-11974 | unknown | — | — | | | | 4y ago | Remote code execution in DolphinScheduler |
| CVE-2020-13931 | unknown | — | — | | | | 4y ago | Remote code execution in Apache TomEE |
| CVE-2020-17533 | unknown | — | — | | | | 4y ago | Improper privilege handling in Apache Accumulo |
| CVE-2020-35774 | unknown | — | — | | | | 4y ago | TwitterServer Cross-site Scripting via /histograms endpoint |
| CVE-2020-13654 | unknown | — | — | | | | 4y ago | Improper escaping in XWiki Platform |
| CVE-2020-17518 | unknown | — | — | | | | 4y ago | Upload of file to arbitrary path in Apache Flink |
| CVE-2020-11995 | unknown | — | — | | | | 4y ago | Deserialization exploitation in Apache Dubbo |
| CVE-2020-17534 | unknown | — | — | | | | 4y ago | Improper synchronization in Apache Netbeans HTML/Java API |
| CVE-2020-27219 | unknown | — | — | | | | 4y ago | Cross-site Scripting in Eclipse Hawkbit |
| CVE-2020-17532 | unknown | — | — | | | | 4y ago | Arbitrary code execution in Apache ServiceComb java-chassis |
| CVE-2020-23262 | unknown | — | — | | | | 4y ago | SQL injection without credentials in ming-soft MCMS |
| CVE-2020-9492 | unknown | — | — | | | | 4y ago | Improper Privilege Management in Apache Hadoop |
| CVE-2020-5428 | unknown | — | — | | | | 4y ago | SQL Injection in Spring Cloud Task |
| CVE-2020-13920 | unknown | — | — | | | | 4y ago | Improper Authentication in Apache ActiveMQ |
| CVE-2020-11998 | unknown | — | — | | | | 4y ago | Remote code execution in Apache ActiveMQ |
| CVE-2020-13932 | unknown | — | — | | | | 4y ago | Cross-site Scripting (XSS) in Apache ActiveMQ Artemis |
| CVE-2020-1958 | unknown | — | — | | | | 4y ago | Credentials bypass in Apache Druid |
| CVE-2020-17523 | unknown | — | — | | | | 4y ago | Authentication bypass in Apache Shiro |
| CVE-2020-13947 | unknown | — | — | | | | 4y ago | Cross-site scripting (XSS) in Apache ActiveMQ |
| CVE-2020-17516 | unknown | — | — | | | | 4y ago | Authentication Bypass in Apache Cassandra |
| CVE-2020-1718 | unknown | — | — | | | | 4y ago | Improper Authentication for Keycloak |
| CVE-2020-10776 | unknown | — | — | | | | 4y ago | Cross-site Scripting in keycloak |
| CVE-2020-1694 | unknown | — | — | | | | 4y ago | Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak |
| CVE-2020-10758 | unknown | — | — | | | | 4y ago | Allocation of Resources Without Limits or Throttling in Keycloak |
| CVE-2020-10748 | unknown | — | — | | | | 4y ago | Cross-site Scripting in Keycloak |
| CVE-2020-1758 | unknown | — | — | | | | 4y ago | Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak |
| CVE-2020-27782 | unknown | — | — | | | | 4y ago | Denial of service in Undertow |
| CVE-2020-1926 | unknown | — | — | | | | 4y ago | Apache Hive Information Exposure and Observable Timing Discrepancy |
| CVE-2020-12668 | unknown | — | — | | | | 4y ago | Unauthorized access to Class instance in Jinjava |
| CVE-2020-9482 | unknown | — | — | | | | 4y ago | Insufficient Session Expiration in Apache NiFi Registry |
| CVE-2020-9491 | unknown | — | — | | | | 5y ago | Inadequate Encryption Strength in Apache NiFi |
| CVE-2020-9487 | unknown | — | — | | | | 5y ago | Missing Authentication for Critical Function in Apache NiFi |
| CVE-2020-9486 | unknown | — | — | | | | 5y ago | Insertion of Sensitive Information into Log File in Apache NiFi Stateless |
| CVE-2020-13940 | unknown | — | — | | | | 5y ago | Improper Restriction of XML External Entity Reference in Apache NiFi |
| CVE-2020-1942 | unknown | — | — | | | | 5y ago | Insertion of Sensitive Information into Log File in Apache NiFi |
| CVE-2020-1928 | unknown | — | — | | | | 5y ago | Apache NiFi Insertion of Sensitive Information into Log File |
| CVE-2020-1933 | unknown | — | — | | | | 5y ago | Cross-site scripting in Apache NiFi |
| CVE-2020-1936 | unknown | — | — | | | | 5y ago | Cross-site Scripting (XSS) in Apache Ambari Views |
| CVE-2020-13936 | unknown | — | — | | | | 5y ago | Sandbox Bypass in Apache Velocity Engine |
| CVE-2020-28452 | unknown | — | — | | | | 5y ago | Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12 |
| CVE-2020-1952 | unknown | — | — | | | | 5y ago | Improper Certificate Validation in Apache IoTDB |
| CVE-2020-1964 | unknown | — | — | | | | 5y ago | Deserialization of Untrusted Data in Apache Heron |
| CVE-2020-35215 | unknown | — | — | | | | 5y ago | Malicious Atomix node queries expose sensitive information |
| CVE-2020-35209 | unknown | — | — | | | | 5y ago | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. |
| CVE-2020-35214 | unknown | — | — | | | | 5y ago | An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations. |
| CVE-2020-35210 | unknown | — | — | | | | 5y ago | A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. |
| CVE-2020-35216 | unknown | — | — | | | | 5y ago | An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages. |
| CVE-2020-35213 | unknown | — | — | | | | 5y ago | An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. |
| CVE-2020-35211 | unknown | — | — | | | | 5y ago | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node. |