VIR Vulnerability Intelligence Relay

CVEs from 2019

3,162 normalized CVEs published or assigned in this year.

Total
3,162
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%

Top vendors

Top products

  • u-boot 20
  • crimson 8
  • active_iq_unified_manager 7
  • weblogic_server 5
  • jdk 5
  • oncommand_workflow_automation 5
  • codeready_linux_builder_eus 4
  • oncommand_insight 4

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-5892 unknown bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used fo…
CVE-2019-3901 unknown A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_acce…
CVE-2019-13661 unknown UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
CVE-2019-19536 unknown In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
CVE-2019-19535 unknown In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
CVE-2019-3826 unknown 3y ago A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prome…
CVE-2019-19040 unknown 4y ago Reflected Cross site scripting (XSS) in kairosdb
CVE-2019-25075 unknown 4y ago Path Traversal in Gravitee API Management
CVE-2019-17352 unknown 4y ago JFinal file validation vulnerability
CVE-2019-10169 unknown 4y ago Keycloak code execution via UMA policy abuse
CVE-2019-17560 unknown 4y ago Improper Certificate Validation in Apache Netbeans
CVE-2019-19899 unknown 4y ago Pebble Templates Improper Input Validation vulnerability
CVE-2019-20366 unknown 4y ago XSS in Ignite Realtime Openfire via isTrustStore
CVE-2019-17598 unknown 4y ago Play Framework Inadequate Encryption Strength vulnerability
CVE-2019-10427 unknown 4y ago Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
CVE-2019-10430 unknown 4y ago Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text
CVE-2019-10428 unknown 4y ago Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
CVE-2019-10426 unknown 4y ago Jenkins Gem Publisher Plugin stores credentials as plaintext
CVE-2019-10407 unknown 4y ago Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin
CVE-2019-10406 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10403 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10404 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10402 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10405 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2019-10401 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-0195 unknown 4y ago Deserialization of Untrusted Data in Apache Tapestry
CVE-2019-12401 unknown 4y ago Apache Solr vulnerable to XML Bomb
CVE-2019-1010206 unknown 4y ago kevinsawicki/http-request Missing certificate validation
CVE-2019-10327 unknown 4y ago XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
CVE-2019-10328 unknown 4y ago Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
CVE-2019-10325 unknown 4y ago Jenkins Warnings NG Plugin Cross-site scripting vulnerability
CVE-2019-10330 unknown 4y ago Improper handling of untrusted branches in Gitea Jenkins Plugin
CVE-2019-10326 unknown 4y ago Jenkins Warnings NG Plugin cross-site request forgery vulnerability
CVE-2019-10329 unknown 4y ago Plaintext password storage in Jenkins InfluxDB Plugin
CVE-2019-10324 unknown 4y ago Cross-site request forgery vulnerability in Jenkins Artifactory Plugin
CVE-2019-10322 unknown 4y ago Jenkins Artifactory Plugin missing permission check
CVE-2019-10323 unknown 4y ago Jenkins Artifactory Plugin missing permission check
CVE-2019-10321 unknown 4y ago Jenkins Artifactory Plugin cross-site request forgery vulnerability
CVE-2019-11818 unknown 4y ago Alkacon OpenCMS XSS via New User module
CVE-2019-0233 unknown 4y ago Improper Preservation of Permissions in Apache Struts
CVE-2019-17564 unknown 4y ago Deserialization of Untrusted Data in Apache Dubbo
CVE-2019-17561 unknown 4y ago Improper Verification of Cryptographic Signature in Apache Netbeans
CVE-2019-20526 unknown 4y ago Ignite Realtime Openfire allows Cross-site Scripting
CVE-2019-20525 unknown 4y ago Ignite Realtime Openfire allows Cross-site Scripting
CVE-2019-20528 unknown 4y ago Ignite Realtime Openfire allows Cross-site Scripting
CVE-2019-14888 unknown 4y ago Undertow vulnerable to Uncontrolled Resource Consumption
CVE-2019-14837 unknown 4y ago keycloak vulnerable to unauthorized login via mail server setup
CVE-2019-6035 unknown 4y ago Athenz vulnerable to Open Redirect
CVE-2019-16572 unknown 4y ago Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
CVE-2019-16575 unknown 4y ago Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
CVE-2019-16574 unknown 4y ago Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
CVE-2019-16576 unknown 4y ago Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin
CVE-2019-16563 unknown 4y ago Cross site scripting in Jenkins Mission Control Plugin
CVE-2019-16564 unknown 4y ago Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability
CVE-2019-16567 unknown 4y ago Jenkins Team Concert Plugin missing permission check
CVE-2019-16566 unknown 4y ago Jenkins Team Concert Plugin missing permission check
CVE-2019-16569 unknown 4y ago CSRF vulnerability in Jenkins Mantis Plugin
CVE-2019-16568 unknown 4y ago Jenkins SCTMExecutor Plugin stores credentials in plain text
CVE-2019-16573 unknown 4y ago Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
CVE-2019-16570 unknown 4y ago Jenkins RapidDeploy Plugin Cross-Site Request Forgery plugin
CVE-2019-16571 unknown 4y ago Jenkins RapidDeploy Plugin missing permission check
CVE-2019-16565 unknown 4y ago Jenkins Team Concert Plugin cross-site request forgery vulnerability
CVE-2019-16554 unknown 4y ago Missing permission check in Jenkins Build Failure Analyzer Plugin
CVE-2019-16558 unknown 4y ago Improper Certificate Validation in Jenkins Spira Importer Plugin
CVE-2019-16560 unknown 4y ago Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin
CVE-2019-16557 unknown 4y ago Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
CVE-2019-16559 unknown 4y ago Jenkins WebSphere Deployer Plugin missing permission check
CVE-2019-16555 unknown 4y ago Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
CVE-2019-16562 unknown 4y ago Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting
CVE-2019-16561 unknown 4y ago SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin
CVE-2019-16556 unknown 4y ago Jenkins Rundeck Plugin stored credentials in plain text
CVE-2019-16551 unknown 4y ago Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin
CVE-2019-16552 unknown 4y ago Missing permission check in Jenkins Gerrit Trigger Plugin
CVE-2019-16553 unknown 4y ago Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
CVE-2019-16550 unknown 4y ago Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
CVE-2019-16549 unknown 4y ago Jenkins Maven Release Plug-in Plugin XXE vulnerability
CVE-2019-19687 unknown 4y ago OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor…
CVE-2019-14910 unknown 4y ago Keycloak Authentication Error
CVE-2019-14909 unknown 4y ago Keycloak Authentication Error
CVE-2019-10174 unknown 4y ago Use of Externally-Controlled Input to Select Classes or Code in Infinispan
CVE-2019-16543 unknown 4y ago Plaintext Storage in Jenkins Spira Importer Plugin
CVE-2019-16548 unknown 4y ago Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability
CVE-2019-16545 unknown 4y ago Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
CVE-2019-16546 unknown 4y ago Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
CVE-2019-16540 unknown 4y ago Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files
CVE-2019-16544 unknown 4y ago Jenkins QMetry for JIRA Plugin stored credentials in plain text
CVE-2019-16547 unknown 4y ago Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
CVE-2019-16542 unknown 4y ago Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-16538 unknown 4y ago Incorrect Authorization in Jenkins Script Security Plugin
CVE-2019-16541 unknown 4y ago Jenkins JIRA Plugin allows users to select and use credentials with System scope
CVE-2019-16539 unknown 4y ago Missing permission check in Jenkins Support Core Plugin
CVE-2019-7619 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
CVE-2019-0205 unknown 4y ago Loop with Unreachable Exit Condition in Apache Thrift
CVE-2019-18393 unknown 4y ago Ignite Realtime Openfire directory traversal vulnerability
CVE-2019-18394 unknown 4y ago Ignite Realtime Openfire vulnerable to Server Side Request Forgery
CVE-2019-12415 unknown 4y ago Improper Restriction of XML External Entity Reference in Apache POI
CVE-2019-10461 unknown 4y ago Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10472 unknown 4y ago Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions
CVE-2019-10476 unknown 4y ago Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10473 unknown 4y ago Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration