VIR Vulnerability Intelligence Relay

CVEs from 2019

3,161 normalized CVEs published or assigned in this year.

Total
3,161
critical
critical 238
high
high 484
medium
medium 485
low
low 95
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%

Top vendors

Top products

  • u-boot 20
  • crimson 8
  • active_iq_unified_manager 7
  • weblogic_server 5
  • jdk 5
  • oncommand_workflow_automation 5
  • codeready_linux_builder_eus 4
  • oncommand_insight 4

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-12404 unknown 7y ago Cross-site scripting in Apache JSPWiki
CVE-2019-10089 unknown 7y ago Cross-site scripting in Apache JSPWiki
CVE-2019-10087 unknown 7y ago Cross-site scripting in Apache JSPWiki
CVE-2019-10090 unknown 7y ago Cross-site scripting in Apache JSPWiki
CVE-2019-16869 unknown 7y ago HTTP Request Smuggling in Netty
CVE-2019-12402 unknown 7y ago Denial of Service in Apache Commons Compress
CVE-2019-10071 unknown 7y ago Timing attack on HMAC signature comparison in Apache Tapestry
CVE-2019-16148 unknown 7y ago Cross-site scripting in Sakai
CVE-2019-10199 unknown 7y ago Improper Input Validation and Cross-Site Request Forgery in Keycloak
CVE-2019-10201 unknown 7y ago Improper Verification of Cryptographic Signature in keycloak
CVE-2019-11777 unknown 7y ago Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
CVE-2019-10753 unknown 7y ago Incorrect Resource Transfer Between Spheres in eclipse-wtp
CVE-2019-5475 unknown 7y ago OS Command Injection in Nexus Yum Repository Plugin
CVE-2019-12400 unknown 7y ago Improper input validation in Apache Santuario XML Security for Java
CVE-2019-15477 unknown 7y ago Cross-site Scripting in Jooby
CVE-2019-15488 unknown 7y ago Cross-site Scripting in Ignite Realtime Openfire
CVE-2019-16137 unknown 7y ago An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclus…
CVE-2019-12397 unknown 7y ago Cross-site scripting in Apache Ranger
CVE-2019-10099 unknown 7y ago Sensitive data written to disk unencrypted in Spark
CVE-2019-10088 unknown 7y ago Allocation of Resources Without Limits or Throttling in Apache Tika
CVE-2019-10093 unknown 7y ago Allocation of Resources Without Limits or Throttling in Apache Tika
CVE-2019-10094 unknown 7y ago Allocation of Resources Without Limits or Throttling in Apache Tika
CVE-2019-10184 unknown 7y ago Undertow Missing Authorization when requesting a protected directory without trailing slash
CVE-2019-14439 unknown 7y ago A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally e…
CVE-2019-14379 unknown 7y ago SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), lead…
CVE-2019-10173 unknown 7y ago Deserialization of Untrusted Data and Code Injection in xstream
CVE-2019-0228 unknown 7y ago Vulnerability that affects org.apache.pdfbox:pdfbox
CVE-2019-9827 unknown 7y ago Server-Side Request Forgery in Hawt Hawtio
CVE-2019-9843 unknown 7y ago Improper Restriction of XML External Entity Reference in DiffPlug Spotless
CVE-2019-3875 unknown 7y ago Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
CVE-2019-11272 unknown 7y ago Insufficiently Protected Credentials and Improper Authentication in Spring Security
CVE-2019-10072 unknown 7y ago The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDA…
CVE-2019-5442 unknown 7y ago XML Entity Expansion in Pippo
CVE-2019-3888 unknown 7y ago Credential exposure through log files in Undertow
CVE-2019-12741 unknown 7y ago Cross-site Scripting in HAPI FHIR
CVE-2019-10078 unknown 7y ago Cross-site Scriptin in JSPWiki
CVE-2019-10077 unknown 7y ago Cross-site Scripting in JSPWiki
CVE-2019-10076 unknown 7y ago Cross-Site Scripting in JSPWiki
CVE-2019-3802 unknown 7y ago Improper Neutralization of Wildcards or Matching Symbols
CVE-2019-0201 unknown 7y ago Access control bypass in Apache ZooKeeper
CVE-2019-0188 unknown 7y ago XML External Entity injection in Apache Camel
CVE-2019-3797 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
CVE-2019-11808 unknown 7y ago Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
CVE-2019-0213 unknown 7y ago Cross-site scripting in Apache Archiva
CVE-2019-0214 unknown 7y ago Improper Input Validation in Apache Archiva
CVE-2019-0194 unknown 7y ago Path Traversal in Apache Camel
CVE-2019-3868 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
CVE-2019-15542 unknown 7y ago An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.
CVE-2019-10246 unknown 7y ago Information Exposure vulnerability in Eclipse Jetty
CVE-2019-10247 unknown 7y ago Installation information leak in Eclipse Jetty
CVE-2019-10241 unknown 7y ago Cross-site Scripting in Eclipse Jetty
CVE-2019-5427 unknown 7y ago Billion laughs attack in c3p0
CVE-2019-11404 unknown 7y ago Missing Encryption of Sensitive Data in arrow-kt Arrow
CVE-2019-10686 unknown 7y ago Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
CVE-2019-3795 unknown 7y ago Spring Security uses insufficiently random values
CVE-2019-10240 unknown 7y ago Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
CVE-2019-0225 unknown 7y ago Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war
CVE-2019-1010260 unknown 7y ago High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
CVE-2019-0212 unknown 7y ago Improper Authorization in org.apache.hbase:hbase
CVE-2019-0224 unknown 7y ago Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
CVE-2019-0222 unknown 7y ago Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
CVE-2019-10648 unknown 7y ago Robocode vulnerabilities
CVE-2019-0191 unknown 7y ago Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
CVE-2019-0192 unknown 7y ago Critical severity vulnerability that affects org.apache.solr:solr-core
CVE-2019-9658 unknown 7y ago Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
CVE-2019-0200 unknown 7y ago Improper Input Validation in Apache Qpid Broker-J
CVE-2019-0187 unknown 7y ago Unauthenticated Remote Code Execution in Apache JMeter
CVE-2019-9212 unknown 7y ago Incomplete List of Disallowed Inputs in SOFA-Hessian
CVE-2019-9142 unknown 7y ago Moderate severity vulnerability that affects org.b3log:symphony
CVE-2019-3774 unknown 8y ago Low severity vulnerability that affects org.springframework.batch:spring-batch-core
CVE-2019-3773 unknown 8y ago Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
CVE-2019-3772 unknown 8y ago Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml