CVEs from 2019
Total
3,162
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-5874 | unknown | — | — | — | Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2019-3466 | unknown | — | — | — | The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | |||
| CVE-2019-9847 | unknown | — | — | — | A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the h… | |||
| CVE-2019-7285 | unknown | — | — | — | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing malicious… | |||
| CVE-2019-12435 | unknown | — | — | — | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process. | |||
| CVE-2019-3826 | unknown | — | — | 3y ago | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prome… | |||
| CVE-2019-19040 | unknown | — | — | 4y ago | Reflected Cross site scripting (XSS) in kairosdb | |||
| CVE-2019-25075 | unknown | — | — | 4y ago | Path Traversal in Gravitee API Management | |||
| CVE-2019-17352 | unknown | — | — | 4y ago | JFinal file validation vulnerability | |||
| CVE-2019-10169 | unknown | — | — | 4y ago | Keycloak code execution via UMA policy abuse | |||
| CVE-2019-17560 | unknown | — | — | 4y ago | Improper Certificate Validation in Apache Netbeans | |||
| CVE-2019-19899 | unknown | — | — | 4y ago | Pebble Templates Improper Input Validation vulnerability | |||
| CVE-2019-20366 | unknown | — | — | 4y ago | XSS in Ignite Realtime Openfire via isTrustStore | |||
| CVE-2019-17598 | unknown | — | — | 4y ago | Play Framework Inadequate Encryption Strength vulnerability | |||
| CVE-2019-10430 | unknown | — | — | 4y ago | Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text | |||
| CVE-2019-10406 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10426 | unknown | — | — | 4y ago | Jenkins Gem Publisher Plugin stores credentials as plaintext | |||
| CVE-2019-10407 | unknown | — | — | 4y ago | Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin | |||
| CVE-2019-10428 | unknown | — | — | 4y ago | Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form | |||
| CVE-2019-10427 | unknown | — | — | 4y ago | Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form | |||
| CVE-2019-10404 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10401 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10402 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10405 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2019-10403 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-0195 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Tapestry | |||
| CVE-2019-12401 | unknown | — | — | 4y ago | Apache Solr vulnerable to XML Bomb | |||
| CVE-2019-1010206 | unknown | — | — | 4y ago | kevinsawicki/http-request Missing certificate validation | |||
| CVE-2019-10326 | unknown | — | — | 4y ago | Jenkins Warnings NG Plugin cross-site request forgery vulnerability | |||
| CVE-2019-10328 | unknown | — | — | 4y ago | Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin | |||
| CVE-2019-10325 | unknown | — | — | 4y ago | Jenkins Warnings NG Plugin Cross-site scripting vulnerability | |||
| CVE-2019-10324 | unknown | — | — | 4y ago | Cross-site request forgery vulnerability in Jenkins Artifactory Plugin | |||
| CVE-2019-10327 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin | |||
| CVE-2019-10330 | unknown | — | — | 4y ago | Improper handling of untrusted branches in Gitea Jenkins Plugin | |||
| CVE-2019-10329 | unknown | — | — | 4y ago | Plaintext password storage in Jenkins InfluxDB Plugin | |||
| CVE-2019-10321 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin cross-site request forgery vulnerability | |||
| CVE-2019-10322 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin missing permission check | |||
| CVE-2019-10323 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin missing permission check | |||
| CVE-2019-11818 | unknown | — | — | 4y ago | Alkacon OpenCMS XSS via New User module | |||
| CVE-2019-0233 | unknown | — | — | 4y ago | Improper Preservation of Permissions in Apache Struts | |||
| CVE-2019-17564 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Dubbo | |||
| CVE-2019-17561 | unknown | — | — | 4y ago | Improper Verification of Cryptographic Signature in Apache Netbeans | |||
| CVE-2019-20526 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |||
| CVE-2019-20525 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |||
| CVE-2019-20528 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |||
| CVE-2019-14888 | unknown | — | — | 4y ago | Undertow vulnerable to Uncontrolled Resource Consumption | |||
| CVE-2019-14837 | unknown | — | — | 4y ago | keycloak vulnerable to unauthorized login via mail server setup | |||
| CVE-2019-6035 | unknown | — | — | 4y ago | Athenz vulnerable to Open Redirect | |||
| CVE-2019-16574 | unknown | — | — | 4y ago | Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins | |||
| CVE-2019-16575 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin | |||
| CVE-2019-16576 | unknown | — | — | 4y ago | Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin | |||
| CVE-2019-16572 | unknown | — | — | 4y ago | Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file | |||
| CVE-2019-16570 | unknown | — | — | 4y ago | Jenkins RapidDeploy Plugin Cross-Site Request Forgery plugin | |||
| CVE-2019-16563 | unknown | — | — | 4y ago | Cross site scripting in Jenkins Mission Control Plugin | |||
| CVE-2019-16568 | unknown | — | — | 4y ago | Jenkins SCTMExecutor Plugin stores credentials in plain text | |||
| CVE-2019-16567 | unknown | — | — | 4y ago | Jenkins Team Concert Plugin missing permission check | |||
| CVE-2019-16564 | unknown | — | — | 4y ago | Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability | |||
| CVE-2019-16571 | unknown | — | — | 4y ago | Jenkins RapidDeploy Plugin missing permission check | |||
| CVE-2019-16566 | unknown | — | — | 4y ago | Jenkins Team Concert Plugin missing permission check | |||
| CVE-2019-16573 | unknown | — | — | 4y ago | Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery | |||
| CVE-2019-16569 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Mantis Plugin | |||
| CVE-2019-16559 | unknown | — | — | 4y ago | Jenkins WebSphere Deployer Plugin missing permission check | |||
| CVE-2019-16555 | unknown | — | — | 4y ago | Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin | |||
| CVE-2019-16562 | unknown | — | — | 4y ago | Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting | |||
| CVE-2019-16561 | unknown | — | — | 4y ago | SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin | |||
| CVE-2019-16554 | unknown | — | — | 4y ago | Missing permission check in Jenkins Build Failure Analyzer Plugin | |||
| CVE-2019-16558 | unknown | — | — | 4y ago | Improper Certificate Validation in Jenkins Spira Importer Plugin | |||
| CVE-2019-16556 | unknown | — | — | 4y ago | Jenkins Rundeck Plugin stored credentials in plain text | |||
| CVE-2019-16557 | unknown | — | — | 4y ago | Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-16565 | unknown | — | — | 4y ago | Jenkins Team Concert Plugin cross-site request forgery vulnerability | |||
| CVE-2019-16560 | unknown | — | — | 4y ago | Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin | |||
| CVE-2019-16553 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin | |||
| CVE-2019-16549 | unknown | — | — | 4y ago | Jenkins Maven Release Plug-in Plugin XXE vulnerability | |||
| CVE-2019-16551 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin | |||
| CVE-2019-16552 | unknown | — | — | 4y ago | Missing permission check in Jenkins Gerrit Trigger Plugin | |||
| CVE-2019-16550 | unknown | — | — | 4y ago | Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin | |||
| CVE-2019-19687 | unknown | — | — | 4y ago | OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor… | |||
| CVE-2019-14910 | unknown | — | — | 4y ago | Keycloak Authentication Error | |||
| CVE-2019-14909 | unknown | — | — | 4y ago | Keycloak Authentication Error | |||
| CVE-2019-10174 | unknown | — | — | 4y ago | Use of Externally-Controlled Input to Select Classes or Code in Infinispan | |||
| CVE-2019-16547 | unknown | — | — | 4y ago | Jenkins Google Compute Engine Plugin Missing Authorization vulnerability | |||
| CVE-2019-16540 | unknown | — | — | 4y ago | Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files | |||
| CVE-2019-16546 | unknown | — | — | 4y ago | Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin | |||
| CVE-2019-16545 | unknown | — | — | 4y ago | Jenkins QMetry for JIRA Plugin shows plain text password in configuration form | |||
| CVE-2019-16544 | unknown | — | — | 4y ago | Jenkins QMetry for JIRA Plugin stored credentials in plain text | |||
| CVE-2019-16548 | unknown | — | — | 4y ago | Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability | |||
| CVE-2019-16543 | unknown | — | — | 4y ago | Plaintext Storage in Jenkins Spira Importer Plugin | |||
| CVE-2019-16541 | unknown | — | — | 4y ago | Jenkins JIRA Plugin allows users to select and use credentials with System scope | |||
| CVE-2019-16538 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Script Security Plugin | |||
| CVE-2019-16539 | unknown | — | — | 4y ago | Missing permission check in Jenkins Support Core Plugin | |||
| CVE-2019-16542 | unknown | — | — | 4y ago | Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials | |||
| CVE-2019-7619 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2019-0205 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Apache Thrift | |||
| CVE-2019-18394 | unknown | — | — | 4y ago | Ignite Realtime Openfire vulnerable to Server Side Request Forgery | |||
| CVE-2019-18393 | unknown | — | — | 4y ago | Ignite Realtime Openfire directory traversal vulnerability | |||
| CVE-2019-12415 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Apache POI | |||
| CVE-2019-10472 | unknown | — | — | 4y ago | Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions | |||
| CVE-2019-10476 | unknown | — | — | 4y ago | Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials | |||
| CVE-2019-10461 | unknown | — | — | 4y ago | Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials | |||
| CVE-2019-10463 | unknown | — | — | 4y ago | Jenkins Dynatrace Plugin contains Incorrect Default Permissions |