VIR Vulnerability Intelligence Relay

CVEs from 2019

3,162 normalized CVEs published or assigned in this year.

Total
3,162
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%

Top vendors

Top products

  • u-boot 20
  • crimson 8
  • active_iq_unified_manager 7
  • weblogic_server 5
  • jdk 5
  • oncommand_workflow_automation 5
  • codeready_linux_builder_eus 4
  • oncommand_insight 4

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-3888 unknown 7y ago Credential exposure through log files in Undertow
CVE-2019-12741 unknown 7y ago Cross-site Scripting in HAPI FHIR
CVE-2019-10078 unknown 7y ago Cross-site Scriptin in JSPWiki
CVE-2019-10077 unknown 7y ago Cross-site Scripting in JSPWiki
CVE-2019-10076 unknown 7y ago Cross-Site Scripting in JSPWiki
CVE-2019-3802 unknown 7y ago Improper Neutralization of Wildcards or Matching Symbols
CVE-2019-0201 unknown 7y ago Access control bypass in Apache ZooKeeper
CVE-2019-0188 unknown 7y ago XML External Entity injection in Apache Camel
CVE-2019-3797 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
CVE-2019-11808 unknown 7y ago Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
CVE-2019-0213 unknown 7y ago Cross-site scripting in Apache Archiva
CVE-2019-0214 unknown 7y ago Improper Input Validation in Apache Archiva
CVE-2019-0194 unknown 7y ago Path Traversal in Apache Camel
CVE-2019-3868 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
CVE-2019-15542 unknown 7y ago An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.
CVE-2019-10246 unknown 7y ago Information Exposure vulnerability in Eclipse Jetty
CVE-2019-10247 unknown 7y ago Installation information leak in Eclipse Jetty
CVE-2019-10241 unknown 7y ago Cross-site Scripting in Eclipse Jetty
CVE-2019-5427 unknown 7y ago Billion laughs attack in c3p0
CVE-2019-11404 unknown 7y ago Missing Encryption of Sensitive Data in arrow-kt Arrow
CVE-2019-10686 unknown 7y ago Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
CVE-2019-3795 unknown 7y ago Spring Security uses insufficiently random values
CVE-2019-10240 unknown 7y ago Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
CVE-2019-0225 unknown 7y ago Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war
CVE-2019-1010260 unknown 7y ago High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
CVE-2019-0212 unknown 7y ago Improper Authorization in org.apache.hbase:hbase
CVE-2019-0224 unknown 7y ago Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
CVE-2019-0222 unknown 7y ago Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
CVE-2019-10648 unknown 7y ago Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of…
CVE-2019-0191 unknown 7y ago Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
CVE-2019-0192 unknown 7y ago Critical severity vulnerability that affects org.apache.solr:solr-core
CVE-2019-9658 unknown 7y ago Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
CVE-2019-0200 unknown 7y ago Improper Input Validation in Apache Qpid Broker-J
CVE-2019-0187 unknown 7y ago Unauthenticated Remote Code Execution in Apache JMeter
CVE-2019-9212 unknown 7y ago Incomplete List of Disallowed Inputs in SOFA-Hessian
CVE-2019-9142 unknown 7y ago Moderate severity vulnerability that affects org.b3log:symphony
CVE-2019-3774 unknown 8y ago Low severity vulnerability that affects org.springframework.batch:spring-batch-core
CVE-2019-3773 unknown 8y ago Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
CVE-2019-3772 unknown 8y ago Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml