CVEs from 2020
Total
3,896
critical
critical 184
high
high 576
medium
medium 738
low
low 59
% Critical
4.7%
% with KEV
3.7%
% with exploit
5.2%
Top vendors
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11111 | unknown | — | — | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-7647 | unknown | — | — | 6y ago | path traversal in Jooby | |||
| CVE-2020-11050 | unknown | — | — | 6y ago | Improper Validation of Certificate with Host Mismatch in Java-WebSocket | |||
| CVE-2020-1929 | unknown | — | — | 6y ago | Improper Certificate Validation in Apache Beam | |||
| CVE-2020-11009 | unknown | — | — | 6y ago | IDOR can reveal execution data and logs to unauthorized user in Rundeck | |||
| CVE-2020-10969 | unknown | — | — | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-11620 | unknown | — | — | 6y ago | jackson-databind mishandles the interaction between serialization gadgets and typing | |||
| CVE-2020-11007 | unknown | — | — | 6y ago | Negative charge in shopping cart in Shopizer | |||
| CVE-2020-1728 | unknown | — | — | 6y ago | Improper Restriction of Rendered UI Layers or Frames in Keycloak | |||
| CVE-2020-1731 | unknown | — | — | 6y ago | Predictable password in Keycloak | |||
| CVE-2020-1697 | unknown | — | — | 6y ago | XSS in Keycloak | |||
| CVE-2020-10203 | unknown | — | — | 6y ago | Persistent Cross-Site scripting in Nexus Repository Manager | |||
| CVE-2020-10204 | unknown | — | — | 6y ago | Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager | |||
| CVE-2020-11002 | unknown | — | — | 6y ago | Remote Code Execution (RCE) vulnerability in dropwizard-validation | |||
| CVE-2020-7622 | unknown | — | — | 6y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting) | |||
| CVE-2020-5497 | unknown | — | — | 6y ago | XSS in MITREid Connect | |||
| CVE-2020-7611 | unknown | — | — | 6y ago | Micronaut's HTTP client is vulnerable to HTTP Request Header Injection | |||
| CVE-2020-5289 | unknown | — | — | 6y ago | Read permissions not enforced for client provided filter expressions in Elide. | |||
| CVE-2020-5275 | unknown | — | — | 6y ago | In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides … | |||
| CVE-2020-5274 | unknown | — | — | 6y ago | In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even … | |||
| CVE-2020-5255 | unknown | — | — | 6y ago | In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the r… | |||
| CVE-2020-5280 | unknown | — | — | 6y ago | Local file inclusion vulnerability in http4s | |||
| CVE-2020-6858 | unknown | — | — | 6y ago | HTTP Response Splitting in Styx | |||
| CVE-2020-5245 | unknown | — | — | 6y ago | Remote Code Execution (RCE) vulnerability in dropwizard-validation | |||
| CVE-2020-7238 | unknown | — | — | 6y ago | HTTP Request Smuggling in Netty | |||
| CVE-2020-1925 | unknown | — | — | 6y ago | Server-Side Request Forgery (SSRF) in Apache Olingo | |||
| CVE-2020-5228 | unknown | — | — | 6y ago | Unauthenticated Access Via OAI-PMH | |||
| CVE-2020-5229 | unknown | — | — | 6y ago | Password Hashing: Do not use MD5 | |||
| CVE-2020-5230 | unknown | — | — | 6y ago | Unsafe Identifiers in Opencast | |||
| CVE-2020-5222 | unknown | — | — | 6y ago | Hard-Coded Key Used For Remember-me Token in Opencast | |||
| CVE-2020-5231 | unknown | — | — | 6y ago | Users with ROLE_COURSE_ADMIN can create new users in Opencast | |||
| CVE-2020-5206 | unknown | — | — | 6y ago | Authentication Bypass For Endpoints With Anonymous Access in Opencast | |||
| CVE-2020-5207 | unknown | — | — | 6y ago | Request smuggling is possible when both chunked TE and content length specified | |||
| CVE-2020-5397 | unknown | — | — | 6y ago | CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux | |||
| CVE-2020-5398 | unknown | — | — | 6y ago | RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application |