VIR Vulnerability Intelligence Relay

CVEs from 2019

3,162 normalized CVEs published or assigned in this year.

Total
3,162
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%

Top vendors

Top products

  • u-boot 20
  • crimson 8
  • active_iq_unified_manager 7
  • weblogic_server 5
  • jdk 5
  • oncommand_workflow_automation 5
  • codeready_linux_builder_eus 4
  • oncommand_insight 4

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-19040 unknown 4y ago Reflected Cross site scripting (XSS) in kairosdb
CVE-2019-25075 unknown 4y ago Path Traversal in Gravitee API Management
CVE-2019-17352 unknown 4y ago JFinal file validation vulnerability
CVE-2019-10169 unknown 4y ago Keycloak code execution via UMA policy abuse
CVE-2019-17560 unknown 4y ago Improper Certificate Validation in Apache Netbeans
CVE-2019-19899 unknown 4y ago Pebble Templates Improper Input Validation vulnerability
CVE-2019-20366 unknown 4y ago XSS in Ignite Realtime Openfire via isTrustStore
CVE-2019-17598 unknown 4y ago Play Framework Inadequate Encryption Strength vulnerability
CVE-2019-10426 unknown 4y ago Jenkins Gem Publisher Plugin stores credentials as plaintext
CVE-2019-10407 unknown 4y ago Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin
CVE-2019-10406 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10428 unknown 4y ago Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
CVE-2019-10430 unknown 4y ago Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text
CVE-2019-10427 unknown 4y ago Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
CVE-2019-10403 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10401 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10405 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2019-10404 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10402 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-0195 unknown 4y ago Deserialization of Untrusted Data in Apache Tapestry
CVE-2019-12401 unknown 4y ago Apache Solr vulnerable to XML Bomb
CVE-2019-1010206 unknown 4y ago kevinsawicki/http-request Missing certificate validation
CVE-2019-10329 unknown 4y ago Plaintext password storage in Jenkins InfluxDB Plugin
CVE-2019-10328 unknown 4y ago Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
CVE-2019-10330 unknown 4y ago Improper handling of untrusted branches in Gitea Jenkins Plugin
CVE-2019-10326 unknown 4y ago Jenkins Warnings NG Plugin cross-site request forgery vulnerability
CVE-2019-10325 unknown 4y ago Jenkins Warnings NG Plugin Cross-site scripting vulnerability
CVE-2019-10324 unknown 4y ago Cross-site request forgery vulnerability in Jenkins Artifactory Plugin
CVE-2019-10327 unknown 4y ago XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
CVE-2019-10322 unknown 4y ago Jenkins Artifactory Plugin missing permission check
CVE-2019-10323 unknown 4y ago Jenkins Artifactory Plugin missing permission check
CVE-2019-10321 unknown 4y ago Jenkins Artifactory Plugin cross-site request forgery vulnerability
CVE-2019-11818 unknown 4y ago Alkacon OpenCMS XSS via New User module
CVE-2019-0233 unknown 4y ago Improper Preservation of Permissions in Apache Struts
CVE-2019-17564 unknown 4y ago Deserialization of Untrusted Data in Apache Dubbo
CVE-2019-17561 unknown 4y ago Improper Verification of Cryptographic Signature in Apache Netbeans
CVE-2019-20526 unknown 4y ago Ignite Realtime Openfire allows Cross-site Scripting
CVE-2019-20525 unknown 4y ago Ignite Realtime Openfire allows Cross-site Scripting
CVE-2019-20528 unknown 4y ago Ignite Realtime Openfire allows Cross-site Scripting
CVE-2019-14888 unknown 4y ago Undertow vulnerable to Uncontrolled Resource Consumption
CVE-2019-14837 unknown 4y ago keycloak vulnerable to unauthorized login via mail server setup
CVE-2019-6035 unknown 4y ago Athenz vulnerable to Open Redirect
CVE-2019-16576 unknown 4y ago Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin
CVE-2019-16574 unknown 4y ago Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
CVE-2019-16572 unknown 4y ago Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
CVE-2019-16575 unknown 4y ago Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
CVE-2019-16569 unknown 4y ago CSRF vulnerability in Jenkins Mantis Plugin
CVE-2019-16567 unknown 4y ago Jenkins Team Concert Plugin missing permission check
CVE-2019-16570 unknown 4y ago Jenkins RapidDeploy Plugin Cross-Site Request Forgery plugin
CVE-2019-16571 unknown 4y ago Jenkins RapidDeploy Plugin missing permission check
CVE-2019-16566 unknown 4y ago Jenkins Team Concert Plugin missing permission check
CVE-2019-16564 unknown 4y ago Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability
CVE-2019-16573 unknown 4y ago Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
CVE-2019-16563 unknown 4y ago Cross site scripting in Jenkins Mission Control Plugin
CVE-2019-16568 unknown 4y ago Jenkins SCTMExecutor Plugin stores credentials in plain text
CVE-2019-16565 unknown 4y ago Jenkins Team Concert Plugin cross-site request forgery vulnerability
CVE-2019-16561 unknown 4y ago SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin
CVE-2019-16554 unknown 4y ago Missing permission check in Jenkins Build Failure Analyzer Plugin
CVE-2019-16558 unknown 4y ago Improper Certificate Validation in Jenkins Spira Importer Plugin
CVE-2019-16555 unknown 4y ago Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
CVE-2019-16559 unknown 4y ago Jenkins WebSphere Deployer Plugin missing permission check
CVE-2019-16560 unknown 4y ago Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin
CVE-2019-16557 unknown 4y ago Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
CVE-2019-16556 unknown 4y ago Jenkins Rundeck Plugin stored credentials in plain text
CVE-2019-16562 unknown 4y ago Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting
CVE-2019-16549 unknown 4y ago Jenkins Maven Release Plug-in Plugin XXE vulnerability
CVE-2019-16550 unknown 4y ago Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
CVE-2019-16553 unknown 4y ago Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
CVE-2019-16552 unknown 4y ago Missing permission check in Jenkins Gerrit Trigger Plugin
CVE-2019-16551 unknown 4y ago Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin
CVE-2019-19687 unknown 4y ago OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor…
CVE-2019-14910 unknown 4y ago Keycloak Authentication Error
CVE-2019-14909 unknown 4y ago Keycloak Authentication Error
CVE-2019-10174 unknown 4y ago Use of Externally-Controlled Input to Select Classes or Code in Infinispan
CVE-2019-16548 unknown 4y ago Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability
CVE-2019-16540 unknown 4y ago Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files
CVE-2019-16546 unknown 4y ago Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
CVE-2019-16547 unknown 4y ago Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
CVE-2019-16544 unknown 4y ago Jenkins QMetry for JIRA Plugin stored credentials in plain text
CVE-2019-16543 unknown 4y ago Plaintext Storage in Jenkins Spira Importer Plugin
CVE-2019-16545 unknown 4y ago Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
CVE-2019-16542 unknown 4y ago Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-16538 unknown 4y ago Incorrect Authorization in Jenkins Script Security Plugin
CVE-2019-16539 unknown 4y ago Missing permission check in Jenkins Support Core Plugin
CVE-2019-16541 unknown 4y ago Jenkins JIRA Plugin allows users to select and use credentials with System scope
CVE-2019-7619 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
CVE-2019-0205 unknown 4y ago Loop with Unreachable Exit Condition in Apache Thrift
CVE-2019-18393 unknown 4y ago Ignite Realtime Openfire directory traversal vulnerability
CVE-2019-18394 unknown 4y ago Ignite Realtime Openfire vulnerable to Server Side Request Forgery
CVE-2019-12415 unknown 4y ago Improper Restriction of XML External Entity Reference in Apache POI
CVE-2019-10461 unknown 4y ago Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10476 unknown 4y ago Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10472 unknown 4y ago Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions
CVE-2019-10471 unknown 4y ago Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery
CVE-2019-10468 unknown 4y ago Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery
CVE-2019-10460 unknown 4y ago Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
CVE-2019-10470 unknown 4y ago Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
CVE-2019-10463 unknown 4y ago Jenkins Dynatrace Plugin contains Incorrect Default Permissions
CVE-2019-10465 unknown 4y ago Jenkins Deploy WebLogic Plugin missing permission check
CVE-2019-10473 unknown 4y ago Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration