CVEs from 2019
Total 3,162
- critical 238
- high 485
- medium 485
- low 94
- % Critical 7.5%
- % with KEV 3.7%
- % with exploit 8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10372 | unknown | — | — | | | | 4y ago | Jenkins Gitlab Authentication Plugin Open Redirect vulnerability |
| CVE-2019-10381 | unknown | — | — | | | | 4y ago | Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability |
| CVE-2019-10368 | unknown | — | — | | | | 4y ago | Jenkins JClouds Plugin cross-site request forgery vulnerability |
| CVE-2019-10377 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins Avatar Plugin |
| CVE-2019-10367 | unknown | — | — | | | | 4y ago | Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin |
| CVE-2019-10366 | unknown | — | — | | | | 4y ago | Skytap Cloud CI Plugin stored credentials in plain text |
| CVE-2019-10364 | unknown | — | — | | | | 4y ago | Jenkins Amazon EC2 Plugin leaked beginning of private key in system log |
| CVE-2019-10363 | unknown | — | — | | | | 4y ago | Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin |
| CVE-2019-10362 | unknown | — | — | | | | 4y ago | Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin |
| CVE-2019-10361 | unknown | — | — | | | | 4y ago | Jenkins Maven Release Plug-in Plugin stored credentials in plain text |
| CVE-2019-10360 | unknown | — | — | | | | 4y ago | Jenkins Maven Release Plugin vulnerable to Cross-site Scripting |
| CVE-2019-10365 | unknown | — | — | | | | 4y ago | Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere |
| CVE-2019-10358 | unknown | — | — | | | | 4y ago | Maven Integration Plugin did not mask sensitive values in module build logs |
| CVE-2019-10356 | unknown | — | — | | | | 4y ago | Return of Pointer Value Outside of Expected Range in Jenkins Script Security Plugin |
| CVE-2019-10343 | unknown | — | — | | | | 4y ago | Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin |
| CVE-2019-10357 | unknown | — | — | | | | 4y ago | Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin |
| CVE-2019-10344 | unknown | — | — | | | | 4y ago | Missing Authorization in Jenkins Configuration as Code Plugin |
| CVE-2019-10359 | unknown | — | — | | | | 4y ago | Jenkins Maven Release Plugin contains Cross-Site Request Forgery vulnerability |
| CVE-2019-10355 | unknown | — | — | | | | 4y ago | Incorrect Privilege Assignment in Jenkins Script Security Plugin |
| CVE-2019-10345 | unknown | — | — | | | | 4y ago | Plaintext Storage of a Password in Jenkins Configuration as Code Plugin |
| CVE-2019-7614 | unknown | — | — | | | | 4y ago | Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch |
| CVE-2019-14271 | unknown | — | — | | | | 4y ago | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the conten… |
| CVE-2019-0202 | unknown | — | — | | | | 4y ago | Exposure of Sensitive Information in Apache Storm Logviewer |
| CVE-2019-1010241 | unknown | — | — | | | | 4y ago | Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format |
| CVE-2019-13509 | unknown | — | — | | | | 4y ago | In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a… |
| CVE-2019-10351 | unknown | — | — | | | | 4y ago | Jenkins Caliper CI Plugin stores credentials in plain text |
| CVE-2019-10348 | unknown | — | — | | | | 4y ago | Jenkins Gogs Plugin stored credentials in plain text |
| CVE-2019-10350 | unknown | — | — | | | | 4y ago | Jenkins Port Allocator Plugin stores credentials in plain text |
| CVE-2019-10342 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins Docker Plugin |
| CVE-2019-10346 | unknown | — | — | | | | 4y ago | Jenkins Embeddable Build Status Plugin contains Cross-site Scripting |
| CVE-2019-10347 | unknown | — | — | | | | 4y ago | Stored credentials unencrypted in Jenkins Mashup Portlets Plugin |
| CVE-2019-10340 | unknown | — | — | | | | 4y ago | Jenkins Docker Plugin contains Cross-Site Request Forgery |
| CVE-2019-10341 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins Docker Plugin |
| CVE-2019-10333 | unknown | — | — | | | | 4y ago | Jenkins ElectricFlow Plugin Missing permission checks |
| CVE-2019-10335 | unknown | — | — | | | | 4y ago | Jenkins ElectricFlow Plugin is vulnerable to stored cross site scripting vulnerability |
| CVE-2019-10332 | unknown | — | — | | | | 4y ago | Jenkins ElectricFlow Plugin missing permission check |
| CVE-2019-10337 | unknown | — | — | | | | 4y ago | Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin |
| CVE-2019-10331 | unknown | — | — | | | | 4y ago | Jenkins ElectricFlow Plugin cross-site request forgery vulnerability |
| CVE-2019-10338 | unknown | — | — | | | | 4y ago | Jenkins JX Resources Plugin cross-site request forgery vulnerability |
| CVE-2019-10336 | unknown | — | — | | | | 4y ago | Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability |
| CVE-2019-10334 | unknown | — | — | | | | 4y ago | Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation |
| CVE-2019-10339 | unknown | — | — | | | | 4y ago | Jenkins JX Resources Plugin missing permission check |
| CVE-2019-12728 | unknown | — | — | | | | 4y ago | Incorrect Resource Transfer Between Spheres in Grails |
| CVE-2019-11841 | unknown | — | — | | | | 4y ago | A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 488… |
| CVE-2019-10320 | unknown | — | — | | | | 4y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin |
| CVE-2019-0226 | unknown | — | — | | | | 4y ago | Apache Karaf vulnerable to relative path traversal |
| CVE-2019-11819 | unknown | — | — | | | | 4y ago | Alkacon OpenCMS CSV Injection via New User module |
| CVE-2019-10249 | unknown | — | — | | | | 4y ago | Potentially compromised builds |
| CVE-2019-10318 | unknown | — | — | | | | 4y ago | Jenkins Azure AD Plugin stored the client secret unencrypted |
| CVE-2019-10314 | unknown | — | — | | | | 4y ago | Jenkins Koji Plugin globally and unconditionally disables SSL/TLS certificate validation |
| CVE-2019-10315 | unknown | — | — | | | | 4y ago | Jenkins GitHub Authentication Plugin Cross-Site Request Forgery vulnerability |
| CVE-2019-10311 | unknown | — | — | | | | 4y ago | Jenkins Ansible Tower Plugin missing permission check |
| CVE-2019-10310 | unknown | — | — | | | | 4y ago | Jenkins Ansible Tower Plugin cross-site request forgery vulnerability |
| CVE-2019-10308 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins Static Analysis Utilities Plugin |
| CVE-2019-10312 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins Ansible Tower Plugin |
| CVE-2019-10313 | unknown | — | — | | | | 4y ago | Jenkins Twitter Plugin stores credentials in plain text |
| CVE-2019-10316 | unknown | — | — | | | | 4y ago | Jenkins Aqua MicroScanner Plugin stored credentials in plain text |
| CVE-2019-10307 | unknown | — | — | | | | 4y ago | Jenkins Static Analysis Utilities Plugin is vulnerable to Cross-site request forgery vulnerability |
| CVE-2019-10309 | unknown | — | — | | | | 4y ago | Jenkins Self-Organizing Swarm Plug-in Modules Plugin XXE vulnerability via UDP broadcast response |
| CVE-2019-10248 | unknown | — | — | | | | 4y ago | Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS |
| CVE-2019-11405 | unknown | — | — | | | | 4y ago | OpenAPI Tools OpenAPI Generator uses HTTP in various files |
| CVE-2019-10306 | unknown | — | — | | | | 4y ago | Sandbox bypass in ontrack Jenkins Plugin |
| CVE-2019-10302 | unknown | — | — | | | | 4y ago | Jenkins jira-ext Plugin stores credentials unencrypted |
| CVE-2019-10300 | unknown | — | — | | | | 4y ago | Jenkins GitLab Plugin Cross-Site Request Forgery vulnerability |
| CVE-2019-10301 | unknown | — | — | | | | 4y ago | Jenkins GitLab Plugin missing permission checks |
| CVE-2019-10303 | unknown | — | — | | | | 4y ago | Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text |
| CVE-2019-10304 | unknown | — | — | | | | 4y ago | Jenkins XebiaLabs XL Deploy Plugin vulnerable to Cross-site request forgery (CSRF) |
| CVE-2019-10305 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins XebiaLabs XL Deploy Plugin |
| CVE-2019-5312 | unknown | — | — | | | | 4y ago | XML External Entity Reference in weixin-java-tools |
| CVE-2019-7722 | unknown | — | — | | | | 4y ago | Improper Restriction of XML External Entity Reference in PMD |
| CVE-2019-1003010 | unknown | — | — | | | | 4y ago | Cross-Site Request Forgery in Jenkins Git Plugin |
| CVE-2019-1003012 | unknown | — | — | | | | 4y ago | Cross-Site Request Forgery in Jenkins Blue Ocean Plugin |
| CVE-2019-1003013 | unknown | — | — | | | | 4y ago | Cross-site Scripting in Jenkins Blue Ocean Plugin |
| CVE-2019-1003018 | unknown | — | — | | | | 4y ago | GitHub Authentication Plugin showed plain text client secret in configuration form |
| CVE-2019-1003015 | unknown | — | — | | | | 4y ago | XXE vulnerability in Jenkins Job Import Plugin |
| CVE-2019-1003014 | unknown | — | — | | | | 4y ago | Jenkins Config File Provider Plugin XSS vulnerability |
| CVE-2019-1003008 | unknown | — | — | | | | 4y ago | Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability |
| CVE-2019-1003009 | unknown | — | — | | | | 4y ago | Jenkins Active Directory Plugin Improper certificate validation with StartTLS |
| CVE-2019-1003007 | unknown | — | — | | | | 4y ago | Sandbox Bypass via CSRF in Jenkins Warnings Plugin |
| CVE-2019-1003016 | unknown | — | — | | | | 4y ago | Jenkins Job Import Plugin vulnerable to exposure of sensitive information |
| CVE-2019-1003021 | unknown | — | — | | | | 4y ago | Jenkins OpenId Connect Authentication Plugin showed plain text client secret in configuration form |
| CVE-2019-1003027 | unknown | — | — | | | | 4y ago | SSRF vulnerability due to missing permission check in Jenkins OctopusDeploy Plugin |
| CVE-2019-1003019 | unknown | — | — | | | | 4y ago | GitHub Authentication Plugin session fixation vulnerability |
| CVE-2019-1003017 | unknown | — | — | | | | 4y ago | Jenkins Job Import Plugin CSRF vulnerability |
| CVE-2019-1003023 | unknown | — | — | | | | 4y ago | XSS vulnerability in Jenkins Warnings Next Generation Plugin |
| CVE-2019-1003020 | unknown | — | — | | | | 4y ago | Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF) |
| CVE-2019-1003026 | unknown | — | — | | | | 4y ago | Jenkins Mattermost Notification Plugin vulnerable to SSRF |
| CVE-2019-1003022 | unknown | — | — | | | | 4y ago | Jenkins Monitoring Plugin vulnerable to Denial of service vulnerability |
| CVE-2019-1003028 | unknown | — | — | | | | 4y ago | SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin |
| CVE-2019-10278 | unknown | — | — | | | | 4y ago | CSRF vulnerability in jenkins-reviewbot Plugin |
| CVE-2019-10292 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Nomad Plugin allow SSRF |
| CVE-2019-10289 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Netsparker Enterprise Scan Plugin |
| CVE-2019-1003044 | unknown | — | — | | | | 4y ago | Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks |
| CVE-2019-1003076 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Audit to Database Plugin |
| CVE-2019-1003042 | unknown | — | — | | | | 4y ago | Jenkins Lockable Resources Plugin XSS vulnerability |
| CVE-2019-1003078 | unknown | — | — | | | | 4y ago | Jenkins VMware Lab Manager Slaves Plugin vulnerable CSRF vulnerability |
| CVE-2019-1003058 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins FTP publisher Plugin |
| CVE-2019-1003080 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins OpenShift Deployer Plugin |
| CVE-2019-1003046 | unknown | — | — | | | | 4y ago | Jenkins Fortify on Demand Uploader Plugin CSRF vulnerability |
| CVE-2019-1003084 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Zephyr Enterprise Test Management Plugin |