CVEs from 2019
Total
3,162
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10470 | unknown | — | — | 4y ago | Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration | |||
| CVE-2019-10467 | unknown | — | — | 4y ago | Jenkins Sonar Gerrit Plugin stores credentials unencrypted | |||
| CVE-2019-10468 | unknown | — | — | 4y ago | Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2019-10463 | unknown | — | — | 4y ago | Jenkins Dynatrace Plugin contains Incorrect Default Permissions | |||
| CVE-2019-10471 | unknown | — | — | 4y ago | Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery | |||
| CVE-2019-10462 | unknown | — | — | 4y ago | Jenkins Dynatrace Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2019-10473 | unknown | — | — | 4y ago | Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration | |||
| CVE-2019-10460 | unknown | — | — | 4y ago | Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials | |||
| CVE-2019-10465 | unknown | — | — | 4y ago | Jenkins Deploy WebLogic Plugin missing permission check | |||
| CVE-2019-10459 | unknown | — | — | 4y ago | Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token | |||
| CVE-2019-10469 | unknown | — | — | 4y ago | Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization | |||
| CVE-2019-10466 | unknown | — | — | 4y ago | Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference | |||
| CVE-2019-16530 | unknown | — | — | 4y ago | Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager | |||
| CVE-2019-13116 | unknown | — | — | 4y ago | Mulesoft Mule Unsafe Deserialization | |||
| CVE-2019-10458 | unknown | — | — | 4y ago | Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin | |||
| CVE-2019-10455 | unknown | — | — | 4y ago | Missing permission check in Jenkins Rundeck Plugin | |||
| CVE-2019-10450 | unknown | — | — | 4y ago | Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin | |||
| CVE-2019-10449 | unknown | — | — | 4y ago | Jenkins Fortify on Demand Plugin stores credentials in plain text | |||
| CVE-2019-10453 | unknown | — | — | 4y ago | Jenkins Delphix Plugin vulnerable to Cleartext credential storage | |||
| CVE-2019-10456 | unknown | — | — | 4y ago | Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability | |||
| CVE-2019-10454 | unknown | — | — | 4y ago | Jenkins Rundeck Plugin CSRF vulnerability | |||
| CVE-2019-10452 | unknown | — | — | 4y ago | Jenkins View26 Test-Reporting Plugin stores access token in plain text | |||
| CVE-2019-10451 | unknown | — | — | 4y ago | Jenkins SOASTA CloudTest Plugin stores API token in plain text | |||
| CVE-2019-10457 | unknown | — | — | 4y ago | Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin | |||
| CVE-2019-10448 | unknown | — | — | 4y ago | Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin | |||
| CVE-2019-10441 | unknown | — | — | 4y ago | Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery | |||
| CVE-2019-10443 | unknown | — | — | 4y ago | Jenkins iceScrum Plugin stores credentials in Cleartext | |||
| CVE-2019-10447 | unknown | — | — | 4y ago | Jenkins Sofy.AI Plugin stores API token in plain text | |||
| CVE-2019-10442 | unknown | — | — | 4y ago | Jenkins iceScrum Plugin vulnerable to Missing Authorization | |||
| CVE-2019-10439 | unknown | — | — | 4y ago | Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization | |||
| CVE-2019-10444 | unknown | — | — | 4y ago | Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation | |||
| CVE-2019-10446 | unknown | — | — | 4y ago | Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification | |||
| CVE-2019-10440 | unknown | — | — | 4y ago | Jenkins NeoLoad Plugin stores credentials in cleartext | |||
| CVE-2019-10436 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin | |||
| CVE-2019-10445 | unknown | — | — | 4y ago | Missing permission checks in Google Kubernetes Engine Jenkins Plugin | |||
| CVE-2019-10438 | unknown | — | — | 4y ago | Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization | |||
| CVE-2019-10437 | unknown | — | — | 4y ago | Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery | |||
| CVE-2019-14832 | unknown | — | — | 4y ago | Keycloak Unauthenticated Access | |||
| CVE-2019-14838 | unknown | — | — | 4y ago | Wildfly Authorization Misconfiguration | |||
| CVE-2019-16891 | unknown | — | — | 4y ago | Liferay Portal Allows RCE via Deserialization of a JSON Payload | |||
| CVE-2019-17091 | unknown | — | — | 4y ago | Cross-site Scripting in Eclipse Mojarra | |||
| CVE-2019-10433 | unknown | — | — | 4y ago | DingTalk Plugin stores credentials in plain text | |||
| CVE-2019-10434 | unknown | — | — | 4y ago | Jenkins LDAP Email Plugin shows plain text password in configuration form | |||
| CVE-2019-10202 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl | |||
| CVE-2019-10431 | unknown | — | — | 4y ago | Improper Control of Generation of Code in Jenkins Script Security Plugin | |||
| CVE-2019-0231 | unknown | — | — | 4y ago | Cleartext Transmission of Sensitive Information in Apache MINA | |||
| CVE-2019-10435 | unknown | — | — | 4y ago | Jenkins SourceGear Vault plugin transmits credentials in plain text | |||
| CVE-2019-10432 | unknown | — | — | 4y ago | Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-10424 | unknown | — | — | 4y ago | Jenkins elOyente Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10425 | unknown | — | — | 4y ago | Jenkins Google Calendar Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10420 | unknown | — | — | 4y ago | Jenkins Assembla Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10418 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin | |||
| CVE-2019-10416 | unknown | — | — | 4y ago | Violation Comments to GitLab Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10419 | unknown | — | — | 4y ago | Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials | |||
| CVE-2019-10417 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin | |||
| CVE-2019-10421 | unknown | — | — | 4y ago | Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10415 | unknown | — | — | 4y ago | Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10423 | unknown | — | — | 4y ago | Jenkins CodeScan Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10414 | unknown | — | — | 4y ago | Jenkins Git Changelog Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10422 | unknown | — | — | 4y ago | Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10409 | unknown | — | — | 4y ago | Missing permission check in Jenkins Project Inheritance Plugin | |||
| CVE-2019-10410 | unknown | — | — | 4y ago | Jenkins Log Parser Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-10413 | unknown | — | — | 4y ago | Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10412 | unknown | — | — | 4y ago | Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information | |||
| CVE-2019-10411 | unknown | — | — | 4y ago | Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form | |||
| CVE-2019-10408 | unknown | — | — | 4y ago | Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2019-10754 | unknown | — | — | 4y ago | Use of Insufficiently Random Values in Apereo CAS | |||
| CVE-2019-12407 | unknown | — | — | 4y ago | Cross-site Scripting in Apache JSPWiki | |||
| CVE-2019-16370 | unknown | — | — | 4y ago | Use of a weak cryptographic algorithm in Gradle | |||
| CVE-2019-10396 | unknown | — | — | 4y ago | Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-10395 | unknown | — | — | 4y ago | Jenkins Build Environment Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-10397 | unknown | — | — | 4y ago | Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields | |||
| CVE-2019-10394 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2019-10398 | unknown | — | — | 4y ago | Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10400 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2019-10399 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2019-10392 | unknown | — | — | 4y ago | Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin | |||
| CVE-2019-10393 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Script Security Plugin | |||
| CVE-2019-16147 | unknown | — | — | 4y ago | Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via a Journal Article Title | |||
| CVE-2019-15630 | unknown | — | — | 4y ago | Mule modules contain Directory Traversal | |||
| CVE-2019-10390 | unknown | — | — | 4y ago | Jenkins Splunk Plugin Sandbox Bypass | |||
| CVE-2019-10391 | unknown | — | — | 4y ago | Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields | |||
| CVE-2019-15563 | unknown | — | — | 4y ago | OHDSI WebAPI vulnerable to SQL Injection | |||
| CVE-2019-14433 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external excepti… | |||
| CVE-2019-10388 | unknown | — | — | 4y ago | Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery | |||
| CVE-2019-10385 | unknown | — | — | 4y ago | Jenkins eggplant-plugin Plugin stores credentials in plain text | |||
| CVE-2019-10387 | unknown | — | — | 4y ago | Missing permission check in Jenkins XL TestView Plugin | |||
| CVE-2019-10378 | unknown | — | — | 4y ago | Jenkins TestLink Plugin stores credentials in plain text | |||
| CVE-2019-10382 | unknown | — | — | 4y ago | Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation | |||
| CVE-2019-10373 | unknown | — | — | 4y ago | Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-10380 | unknown | — | — | 4y ago | Jenkins Simple Travis Pipeline Runner Plugin script sandbox bypass vulnerability | |||
| CVE-2019-10386 | unknown | — | — | 4y ago | Cross-site request forgery vulnerability in Jenkins XL TestView Plugin | |||
| CVE-2019-10379 | unknown | — | — | 4y ago | Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text | |||
| CVE-2019-10389 | unknown | — | — | 4y ago | Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin | |||
| CVE-2019-10376 | unknown | — | — | 4y ago | Jenkins Wall Display Plugin Cross-site Scripting vulnerability | |||
| CVE-2019-10368 | unknown | — | — | 4y ago | Jenkins JClouds Plugin cross-site request forgery vulnerability | |||
| CVE-2019-10371 | unknown | — | — | 4y ago | Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation | |||
| CVE-2019-10381 | unknown | — | — | 4y ago | Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability | |||
| CVE-2019-10375 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins File System SCM Plugin | |||
| CVE-2019-10377 | unknown | — | — | 4y ago | Missing permission check in Jenkins Avatar Plugin |