CVEs from 2020
Total: 4,156
- critical: 193
- high: 470
- medium: 674
- low: 57
% Critical: 4.6%
% with KEV: 3.5%
% with exploit: 3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-12640 | unknown | — | — | — | Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | |
| CVE-2020-12626 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. | |
| CVE-2020-11725 | unknown | — | — | — | snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effe… | |
| CVE-2020-36387 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. | |
| CVE-2020-36781 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix reference leak when pm_runtime_get_sync fails In i2c_imx_xfer() and i2c_imx_remove(), the pm reference count is not… | |
| CVE-2020-36786 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: [next] staging: media: atomisp: fix memory leak of object flash In the case where the call to lm3554_platform_data_func re… | |
| CVE-2020-12625 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | |
| CVE-2020-25672 | unknown | — | — | — | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | |
| CVE-2020-18671 | unknown | — | — | — | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | |
| CVE-2020-36790 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number | |
| CVE-2020-0347 | unknown | — | — | — | In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no… | |
| CVE-2020-13964 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | |
| CVE-2020-11609 | unknown | — | — | — | An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid des… | |
| CVE-2020-15562 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in th… | |
| CVE-2020-36766 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning lo… | |
| CVE-2020-15780 | unknown | — | — | — | An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot… | |
| CVE-2020-0432 | unknown | — | — | — | In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. U… | |
| CVE-2020-12653 | unknown | — | — | — | An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of s… | |
| CVE-2020-25645 | unknown | — | — | — | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by … | |
| CVE-2020-10742 | unknown | — | — | — | A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmallo… | |
| CVE-2020-14304 | unknown | — | — | — | A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the k… | |
| CVE-2020-29369 | unknown | — | — | — | An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations… | |
| CVE-2020-11494 | unknown | — | — | — | An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive infor… | |
| CVE-2020-27068 | unknown | — | — | — | Product: Android. Versions: Android kernel. Android ID: A-127973231. References: Upstream kernel | |
| CVE-2020-36843 | unknown | — | — | 1y ago | Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check | |
| CVE-2020-24922 | unknown | — | — | 3y ago | xuxueli xxl-job Cross-Site Request Forgery Vulnerability | |
| CVE-2020-21485 | unknown | — | — | 3y ago | Alluxio Cross Site Scripting vulnerability | |
| CVE-2020-22755 | unknown | — | — | 3y ago | MCMS vulnerable to arbitrary code execution via crafted thumbnail | |
| CVE-2020-20913 | unknown | — | — | 3y ago | Ming-Soft MCMS vulnerable to SQL injection | |
| CVE-2020-36640 | unknown | — | — | 3y ago | bonita-connector-webservice XML External Entity vulnerability | |
| CVE-2020-36641 | unknown | — | — | 3y ago | aXMLRPC XML External Entity vulnerability | |
| CVE-2020-23622 | unknown | — | — | 4y ago | 4thline cling uPnP protocol issue can lead to denial of service | |
| CVE-2020-7677 | unknown | — | — | 4y ago | thenify before 3.3.1 made use of unsafe calls to `eval`. | |
| CVE-2020-28191 | unknown | — | — | 4y ago | Togglz console missing cross-site request forgery (CSRF) protection | |
| CVE-2020-10650 | unknown | — | — | 4y ago | jackson-databind vulnerable to unsafe deserialization | |
| CVE-2020-28865 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in PowerJob | |
| CVE-2020-28088 | unknown | — | — | 4y ago | Jeecg-Boot CMS arbitrary file upload vulnerability | |
| CVE-2020-7021 | unknown | — | — | 4y ago | Insertion of Sensitive Information into Log File in Elasticsearch | |
| CVE-2020-29582 | unknown | — | — | 4y ago | Incorrect Default Permissions in JetBrains Kotlin | |
| CVE-2020-25476 | unknown | — | — | 4y ago | Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter | |
| CVE-2020-8920 | unknown | — | — | 4y ago | Information leak in Gerrit | |
| CVE-2020-16971 | unknown | — | — | 4y ago | Azure SDK for Java Security Feature Bypass Vulnerability | |
| CVE-2020-27822 | unknown | — | — | 4y ago | Wildfly has a memory leak vulnerability | |
| CVE-2020-2323 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Chaos Monkey Plugin | |
| CVE-2020-2324 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins CVS Plugin | |
| CVE-2020-2320 | unknown | — | — | 4y ago | Jenkins Plugin Installation Manager Tool did not verify plugin downloads | |
| CVE-2020-2322 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Chaos Monkey Plugin | |
| CVE-2020-2321 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Shelve Project Plugin | |
| CVE-2020-2318 | unknown | — | — | 4y ago | Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin | |
| CVE-2020-2319 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin | |
| CVE-2020-2308 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Kubernetes Plugin | |
| CVE-2020-2311 | unknown | — | — | 4y ago | Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration | |
| CVE-2020-2310 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs | |
| CVE-2020-2313 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs | |
| CVE-2020-2309 | unknown | — | — | 4y ago | Missing authorization in Jenkins Kubernetes Plugin | |
| CVE-2020-2316 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Static Analysis Utilities Plugin | |
| CVE-2020-2315 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Visualworks Store Plugin | |
| CVE-2020-2314 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins AppSpider Plugin | |
| CVE-2020-2312 | unknown | — | — | 4y ago | Password written to the build log by Jenkins SQLPlus Script Runner Plugin | |
| CVE-2020-2300 | unknown | — | — | 4y ago | Improper Authentication (empty password) in Jenkins Active Directory Plugin | |
| CVE-2020-2301 | unknown | — | — | 4y ago | Authentication cache in Active Directory Jenkins Plugin allows logging in with any password | |
| CVE-2020-2305 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Mercurial Plugin | |
| CVE-2020-2306 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Mercurial Plugin | |
| CVE-2020-2303 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Active Directory Plugin | |
| CVE-2020-2299 | unknown | — | — | 4y ago | Improper Authentication in Jenkins Active Directory Plugin | |
| CVE-2020-2307 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin | |
| CVE-2020-2302 | unknown | — | — | 4y ago | Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page | |
| CVE-2020-2304 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Subversion Plugin | |
| CVE-2020-25689 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in WildFly | |
| CVE-2020-10721 | unknown | — | — | 4y ago | fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution | |
| CVE-2020-2297 | unknown | — | — | 4y ago | Access token stored in plain text by Jenkins SMS Notification Plugin | |
| CVE-2020-2295 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Maven Cascade Release Plugin | |
| CVE-2020-2298 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Nerrvana Plugin | |
| CVE-2020-2294 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Maven Cascade Release Plugin | |
| CVE-2020-2288 | unknown | — | — | 4y ago | Incorrect default pattern in Jenkins Audit Trail Plugin | |
| CVE-2020-2291 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins couchdb-statistics Plugin | |
| CVE-2020-2293 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins Persona Plugin | |
| CVE-2020-2296 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Shared Objects Plugin | |
| CVE-2020-2292 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Release Plugin | |
| CVE-2020-2289 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Active Choices Plugin | |
| CVE-2020-2290 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Active Choices Plugin | |
| CVE-2020-25644 | unknown | — | — | 4y ago | Wildfly-OpenSSL memory leak flaw | |
| CVE-2020-15840 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Bypass via Double Encoded URL | |
| CVE-2020-2285 | unknown | — | — | 4y ago | Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs | |
| CVE-2020-2282 | unknown | — | — | 4y ago | Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin | |
| CVE-2020-2281 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Lockable Resources Plugin | |
| CVE-2020-2279 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |
| CVE-2020-2280 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins warnings Plugin allows remote code execution | |
| CVE-2020-2284 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Liquibase Runner Plugin | |
| CVE-2020-2283 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Liquibase Runner Plugin | |
| CVE-2020-2277 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins Storable Configs Plugin | |
| CVE-2020-2276 | unknown | — | — | 4y ago | System command execution vulnerability in Selection tasks Jenkins Plugin | |
| CVE-2020-2278 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Storable Configs Plugin | |
| CVE-2020-2272 | unknown | — | — | 4y ago | Missing permission checks in Jenkins ElasTest Plugin | |
| CVE-2020-2273 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins ElasTest Plugin | |
| CVE-2020-2274 | unknown | — | — | 4y ago | Passwords stored in plain text by ElasTest Plugin | |
| CVE-2020-2275 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin | |
| CVE-2020-2266 | unknown | — | — | 4y ago | Stored XSS vulnerability in Description Column Plugin | |
| CVE-2020-2260 | unknown | — | — | 4y ago | Missing permission check in Perfecto Plugin | |
| CVE-2020-2265 | unknown | — | — | 4y ago | Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin | |