CVEs from 2019
Total: 3,162
- critical 238
- high 484
- medium 485
- low 95
% Critical: 7.5%
% with KEV: 3.7%
% with exploit: 8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1003099 | unknown | — | — | 4y ago | Jenkins openid Plugin missing permission check | |||
| CVE-2019-1003081 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins OpenShift Deployer Plugin | |||
| CVE-2019-1003085 | unknown | — | — | 4y ago | Jenkins Zephyr Enterprise Test Management Plugin missing permission check | |||
| CVE-2019-1003091 | unknown | — | — | 4y ago | Missing permission check in Jenkins SOASTA CloudTest Plugin | |||
| CVE-2019-1003097 | unknown | — | — | 4y ago | Jenkins Crowd Integration Plugin stores credentials in plain text | |||
| CVE-2019-1003079 | unknown | — | — | 4y ago | Missing permission check in Jenkins VMware Lab Manager Slaves Plugin | |||
| CVE-2019-1003083 | unknown | — | — | 4y ago | Missing permission check in Jenkins Gearman Plugin | |||
| CVE-2019-1003096 | unknown | — | — | 4y ago | Jenkins TestFairy Plugin stores credentials in plain text | |||
| CVE-2019-6986 | unknown | — | — | 4y ago | Command Injection in VIVO Vitro | |||
| CVE-2019-11065 | unknown | — | — | 4y ago | Insecure transport protocol in Gradle | |||
| CVE-2019-1003051 | unknown | — | — | 4y ago | Jenkins IRC Plugin stores credentials in plain text | |||
| CVE-2019-1003052 | unknown | — | — | 4y ago | Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003059 | unknown | — | — | 4y ago | Missing permission check in Jenkins FTP publisher Plugin | |||
| CVE-2019-1003060 | unknown | — | — | 4y ago | Jenkins OWASP ZAP Plugin stores unencrypted credentials | |||
| CVE-2019-1003053 | unknown | — | — | 4y ago | Jenkins HockeyApp Plugin stores credentials in plain text | |||
| CVE-2019-1003056 | unknown | — | — | 4y ago | Jenkins WebSphere Deployer Plugin stores credentials in plain text | |||
| CVE-2019-1003057 | unknown | — | — | 4y ago | Jenkins Bitbucket Approve Plugin stores credentials in plain text | |||
| CVE-2019-1003070 | unknown | — | — | 4y ago | Jenkins veracode-scanner Plugin stores credentials in plain text | |||
| CVE-2019-1003064 | unknown | — | — | 4y ago | Jenkins aws-device-farm Plugin stores credentials in plain text | |||
| CVE-2019-1003069 | unknown | — | — | 4y ago | Jenkins Aqua Security Scanner Plugin stores credentials in plain text | |||
| CVE-2019-1003061 | unknown | — | — | 4y ago | Jenkins CloudFormation Plugin stores credentials in plain text | |||
| CVE-2019-1003067 | unknown | — | — | 4y ago | Jenkins Trac Publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003055 | unknown | — | — | 4y ago | Jenkins FTP publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003068 | unknown | — | — | 4y ago | Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data | |||
| CVE-2019-1003054 | unknown | — | — | 4y ago | Jenkins Jira Issue Updater Plugin stores credentials in plain text | |||
| CVE-2019-1003063 | unknown | — | — | 4y ago | Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text | |||
| CVE-2019-1003066 | unknown | — | — | 4y ago | Jenkins Bugzilla Plugin stores credentials in plain text | |||
| CVE-2019-1003062 | unknown | — | — | 4y ago | Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003065 | unknown | — | — | 4y ago | Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text | |||
| CVE-2019-1003095 | unknown | — | — | 4y ago | Jenkins Perfecto Mobile Plugin stores credentials in plain text | |||
| CVE-2019-1003089 | unknown | — | — | 4y ago | Jenkins Upload to pgyer Plugin stores credentials in plain text | |||
| CVE-2019-1003075 | unknown | — | — | 4y ago | Jenkins Audit to Database Plugin stores credentials in plain text | |||
| CVE-2019-1003088 | unknown | — | — | 4y ago | Jenkins Fabric-beta-publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003094 | unknown | — | — | 4y ago | Jenkins Open STF Plugin stores credentials in plain text | |||
| CVE-2019-1003073 | unknown | — | — | 4y ago | Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text | |||
| CVE-2019-1003077 | unknown | — | — | 4y ago | Missing permission check in Jenkins Audit to Database Plugin | |||
| CVE-2019-1003072 | unknown | — | — | 4y ago | Jenkins wildFly Deployer Plugin stores credentials in plain text | |||
| CVE-2019-1003071 | unknown | — | — | 4y ago | Jenkins Octopus Deploy Plugin stores credentials in plain text | |||
| CVE-2019-1003074 | unknown | — | — | 4y ago | Jenkins hyper.sh Commons Plugin stores credentials in plain text | |||
| CVE-2019-1003024 | unknown | — | — | 4y ago | Jenkins Script Security Plugin sandbox bypass vulnerability | |||
| CVE-2019-1003006 | unknown | — | — | 4y ago | Jenkins Groovy Plugin sandbox bypass vulnerability | |||
| CVE-2019-1003025 | unknown | — | — | 4y ago | Jenkins Cloud Foundry Plugin vulnerable to exposure of sensitive information | |||
| CVE-2019-1003048 | unknown | — | — | 4y ago | Jenkins PRQA Plugin stored password in plain text | |||
| CVE-2019-1003039 | unknown | — | — | 4y ago | Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials | |||
| CVE-2019-1003040 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2019-1003041 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin | |||
| CVE-2019-1003045 | unknown | — | — | 4y ago | ECS Publisher Plugin stored and displayed API token in plain text | |||
| CVE-2019-1003036 | unknown | — | — | 4y ago | Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration | |||
| CVE-2019-1003047 | unknown | — | — | 4y ago | SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin | |||
| CVE-2019-1003038 | unknown | — | — | 4y ago | Jenkins Repository Connector Plugin has insufficiently protected credentials | |||
| CVE-2019-1003037 | unknown | — | — | 4y ago | Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin | |||
| CVE-2019-1003031 | unknown | — | — | 4y ago | Script security sandbox bypass in Matrix Project Plugin | |||
| CVE-2019-1003034 | unknown | — | — | 4y ago | Script security sandbox bypass in Jenkins Job DSL Plugin | |||
| CVE-2019-1003035 | unknown | — | — | 4y ago | Information disclosure in Azure VM Agents Plugin | |||
| CVE-2019-1003032 | unknown | — | — | 4y ago | Script security sandbox bypass in Jenkins Email Extension Plugin | |||
| CVE-2019-1003033 | unknown | — | — | 4y ago | Jenkins Groovy Plugin sandbox bypass vulnerability | |||
| CVE-2019-10288 | unknown | — | — | 4y ago | Jenkins Jabber Server Plugin stores credentials in plain text | |||
| CVE-2019-10287 | unknown | — | — | 4y ago | Jenkins youtrack-plugin Plugin stored credentials in plain text | |||
| CVE-2019-10283 | unknown | — | — | 4y ago | Jenkins mabl Plugin stores credentials in plain text | |||
| CVE-2019-10286 | unknown | — | — | 4y ago | Jenkins DeployHub Plugin stores credentials in plain text | |||
| CVE-2019-10293 | unknown | — | — | 4y ago | Missing permission check in Jenkins Kmap Plugin allows SSRF | |||
| CVE-2019-10284 | unknown | — | — | 4y ago | Jenkins Diawi Upload Plugin stores credentials in plain text | |||
| CVE-2019-10285 | unknown | — | — | 4y ago | Jenkins Minio Storage Plugin stores credentials in plain text | |||
| CVE-2019-10279 | unknown | — | — | 4y ago | Missing permission check in Jenkins jenkins-reviewbot Plugin | |||
| CVE-2019-10299 | unknown | — | — | 4y ago | Jenkins CloudCoreo DeployTime Plugin stores credentials in plain text | |||
| CVE-2019-10297 | unknown | — | — | 4y ago | Jenkins Sametime Plugin stores credentials in plain text | |||
| CVE-2019-10291 | unknown | — | — | 4y ago | Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text | |||
| CVE-2019-10298 | unknown | — | — | 4y ago | Jenkins Koji Plugin stores credentials in plain text | |||
| CVE-2019-10294 | unknown | — | — | 4y ago | Jenkins Kmap Plugin stores credentials in plain text | |||
| CVE-2019-10290 | unknown | — | — | 4y ago | Missing permission check in Jenkins Netsparker Cloud Scan Plugin | |||
| CVE-2019-10282 | unknown | — | — | 4y ago | Jenkins Klaros-Testmanagement Plugin stores credentials in plain text | |||
| CVE-2019-10277 | unknown | — | — | 4y ago | Jenkins StarTeam Plugin stores credentials in plain text | |||
| CVE-2019-10295 | unknown | — | — | 4y ago | Jenkins crittercism-dsym Plugin stores API key in plain text | |||
| CVE-2019-10281 | unknown | — | — | 4y ago | Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text | |||
| CVE-2019-10296 | unknown | — | — | 4y ago | Jenkins Serena SRA Deploy Plugin stores credentials in plain text | |||
| CVE-2019-10280 | unknown | — | — | 4y ago | Jenkins Assembla Auth Plugin stores credentials in plain text | |||
| CVE-2019-7611 | unknown | — | — | 4y ago | Improper Access Control in Elasticsearch | |||
| CVE-2019-3830 | unknown | — | — | 4y ago | A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | |||
| CVE-2019-5919 | unknown | — | — | 4y ago | Nablarch Incomplete Cryptography | |||
| CVE-2019-9735 | unknown | — | — | 4y ago | An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security… | |||
| CVE-2019-10876 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated us… | |||
| CVE-2019-1003004 | unknown | — | — | 4y ago | Improper Authorization in Jenkins Core | |||
| CVE-2019-1003003 | unknown | — | — | 4y ago | Improper Authorization in Jenkins Core | |||
| CVE-2019-0204 | unknown | — | — | 4y ago | Docker image code execution with Apache Mesos | |||
| CVE-2019-18887 | unknown | — | — | 4y ago | An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/h… | |||
| CVE-2019-3902 | unknown | — | — | 4y ago | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. | |||
| CVE-2019-14900 | unknown | — | — | 4y ago | SQL Injection in Hibernate ORM | |||
| CVE-2019-12416 | unknown | — | — | 4y ago | Injection in DeltaSpike | |||
| CVE-2019-10091 | unknown | — | — | 4y ago | Apache Geode SSL endpoint verification vulnerability | |||
| CVE-2019-11343 | unknown | — | — | 4y ago | Vulnerability in Torpedo Query | |||
| CVE-2019-17640 | unknown | — | — | 4y ago | Path Traversal in Eclipse Vert | |||
| CVE-2019-10797 | unknown | — | — | 4y ago | HTTP Response Splitting in WSO2 transport-http | |||
| CVE-2019-17566 | unknown | — | — | 4y ago | Server-side request forgery (SSRF) in Apache Batik | |||
| CVE-2019-17557 | unknown | — | — | 5y ago | Cross-site scripting in Apache Syncope EndUser | |||
| CVE-2019-10170 | unknown | — | — | 5y ago | Privilege Defined With Unsafe Actions in Keycloak | |||
| CVE-2019-10095 | unknown | — | — | 5y ago | Bash command injection in Apache Zeppelin | |||
| CVE-2019-25050 | unknown | — | — | 5y ago | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and… | |||
| CVE-2019-13126 | unknown | — | — | 5y ago | An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authe… | |||
| CVE-2019-25027 | unknown | — | — | 5y ago | Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 | |||
| CVE-2019-25028 | unknown | — | — | 5y ago | Stored cross-site scripting in Grid component in Vaadin 7 and 8 |