CVEs from 2019

3,162 normalized CVEs published or assigned in this year.

  • Total: 3,162
  • Critical: 238
  • High: 485
  • Medium: 485
  • Low: 94
  • % Critical: 7.5%
  • % with KEV: 3.7%
  • % with exploit: 8.0%

Top products

  • u-boot 20
  • crimson 8
  • active_iq_unified_manager 7
  • weblogic_server 5
  • jdk 5
  • oncommand_workflow_automation 5
  • codeready_linux_builder_eus 4
  • oncommand_insight 4
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-14881 unknown 4y ago Moodle XSS Vulnerability
CVE-2019-14882 unknown 4y ago Moodle open redirect vulnerability
CVE-2019-11939 unknown 4y ago Denial of service via malicious message size declaration in github.com/facebook/fbthrift
CVE-2019-19210 unknown 4y ago Dolibarr ERP and CRM contain XSS Vulnerability
CVE-2019-19211 unknown 4y ago Dolibarr ERP and CRM contain XSS Vulnerability
CVE-2019-19212 unknown 4y ago Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
CVE-2019-19209 unknown 4y ago Dolibarr ERP and CRM SQLi
CVE-2019-10807 unknown 4y ago Improper Neutralization of Special Elements used in an OS Command in Blamer
CVE-2019-16107 unknown 4y ago phpBB Cross-Site Request Forgery (CSRF)
CVE-2019-12246 unknown 4y ago SilverStripe Denial of Service on flush and development URL tools
CVE-2019-12437 unknown 4y ago Silverstripe CSRF Protection Bypass via GraphQL
CVE-2019-10791 unknown 4y ago promise-probe OS command injection vulnerability
CVE-2019-10794 unknown 4y ago component-flatten vulnerable to Prototype Pollution
CVE-2019-14888 unknown 4y ago Undertow vulnerable to Uncontrolled Resource Consumption
CVE-2019-17361 unknown 4y ago In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoin…
CVE-2019-14837 unknown 4y ago keycloak vulnerable to unauthorized login via mail server setup
CVE-2019-14879 unknown 4y ago Moodle does not revoke role capabilities correctly
CVE-2019-10774 unknown 4y ago php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-6035 unknown 4y ago Athenz vulnerable to Open Redirect
CVE-2019-19724 unknown 4y ago Singularity insecure permissions
CVE-2019-15598 unknown 4y ago Treekill Enables OS Command Injection
CVE-2019-19850 unknown 4y ago TYPO3 SQL Injection in low-level Query Generator
CVE-2019-19848 unknown 4y ago TYPO3 Directory Traversal on ZIP extraction
CVE-2019-19849 unknown 4y ago TYPO3 Insecure Deserialization in Query Generator & Query View
CVE-2019-16574 unknown 4y ago Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
CVE-2019-16572 unknown 4y ago Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
CVE-2019-16575 unknown 4y ago Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
CVE-2019-16576 unknown 4y ago Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin
CVE-2019-16569 unknown 4y ago CSRF vulnerability in Jenkins Mantis Plugin
CVE-2019-16567 unknown 4y ago Jenkins Team Concert Plugin missing permission check
CVE-2019-16571 unknown 4y ago Jenkins RapidDeploy Plugin missing permission check
CVE-2019-16564 unknown 4y ago Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability
CVE-2019-16566 unknown 4y ago Jenkins Team Concert Plugin missing permission check
CVE-2019-16568 unknown 4y ago Jenkins SCTMExecutor Plugin stores credentials in plain text
CVE-2019-16573 unknown 4y ago Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
CVE-2019-16563 unknown 4y ago Cross site scripting in Jenkins Mission Control Plugin
CVE-2019-16570 unknown 4y ago Jenkins RapidDeploy Plugin Cross-Site Request Forgery vulnerability
CVE-2019-16558 unknown 4y ago Improper Certificate Validation in Jenkins Spira Importer Plugin
CVE-2019-16556 unknown 4y ago Jenkins Rundeck Plugin stored credentials in plain text
CVE-2019-16557 unknown 4y ago Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
CVE-2019-16560 unknown 4y ago Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin
CVE-2019-16562 unknown 4y ago Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting
CVE-2019-16554 unknown 4y ago Missing permission check in Jenkins Build Failure Analyzer Plugin
CVE-2019-16561 unknown 4y ago SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin
CVE-2019-16565 unknown 4y ago Jenkins Team Concert Plugin cross-site request forgery vulnerability
CVE-2019-16555 unknown 4y ago Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
CVE-2019-16559 unknown 4y ago Jenkins WebSphere Deployer Plugin missing permission check
CVE-2019-16551 unknown 4y ago Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin
CVE-2019-16553 unknown 4y ago Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
CVE-2019-16550 unknown 4y ago Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
CVE-2019-16549 unknown 4y ago Jenkins Maven Release Plug-in Plugin XXE vulnerability
CVE-2019-16552 unknown 4y ago Missing permission check in Jenkins Gerrit Trigger Plugin
CVE-2019-19709 unknown 4y ago Possible to circumvent title-blacklist
CVE-2019-19702 unknown 4y ago The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service…
CVE-2019-19687 unknown 4y ago OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor…
CVE-2019-19617 unknown 4y ago phpMyAdmin unsanitized Git information
CVE-2019-19596 unknown 4y ago GitBook allows Cross-site Scripting via a local .md file.
CVE-2019-14910 unknown 4y ago Keycloak Authentication Error
CVE-2019-11255 unknown 4y ago Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
CVE-2019-14909 unknown 4y ago Keycloak Authentication Error
CVE-2019-19206 unknown 4y ago Dolibarr ERP and CRM contain XSS Vulnerability
CVE-2019-14856 unknown 4y ago ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
CVE-2019-11287 unknown 4y ago Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web manage…
CVE-2019-11291 unknown 4y ago Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, fede…
CVE-2019-10174 unknown 4y ago Use of Externally-Controlled Input to Select Classes or Code in Infinispan
CVE-2019-19013 unknown 4y ago Pagekit File Upload vulnerability
CVE-2019-10206 unknown 4y ago ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contai…
CVE-2019-16547 unknown 4y ago Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
CVE-2019-16540 unknown 4y ago Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files
CVE-2019-16545 unknown 4y ago Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
CVE-2019-16544 unknown 4y ago Jenkins QMetry for JIRA Plugin stored credentials in plain text
CVE-2019-16543 unknown 4y ago Plaintext Storage in Jenkins Spira Importer Plugin
CVE-2019-16546 unknown 4y ago Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
CVE-2019-16548 unknown 4y ago Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability
CVE-2019-16539 unknown 4y ago Missing permission check in Jenkins Support Core Plugin
CVE-2019-16541 unknown 4y ago Jenkins JIRA Plugin allows users to select and use credentials with System scope
CVE-2019-16538 unknown 4y ago Incorrect Authorization in Jenkins Script Security Plugin
CVE-2019-16542 unknown 4y ago Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-18986 unknown 4y ago Pimcore Discloses Usernames In Use
CVE-2019-18981 unknown 4y ago Pimcore Access Control Issues
CVE-2019-18982 unknown 4y ago Pimcore Cross-site Scripting (XSS) vulnerability
CVE-2019-18985 unknown 4y ago Pimcore 2FA Vulnerable to Brute Forcing
CVE-2019-8231 unknown 4y ago Magento Remote code execution through catalog attribute sets
CVE-2019-8232 unknown 4y ago Magento 2 Community Edition RCE Vulnerability
CVE-2019-8158 unknown 4y ago Magento 2 Community Edition XML Injection
CVE-2019-8230 unknown 4y ago Magento Remote code execution through support/output path modification
CVE-2019-8156 unknown 4y ago Magento 2 Community Edition SSRF vulnerability
CVE-2019-8159 unknown 4y ago Magento 2 Community Edition RCE Vulnerability
CVE-2019-8227 unknown 4y ago Magento XSS Vulnerability
CVE-2019-8151 unknown 4y ago Magento Server-Side Request Forgery (SSRF)
CVE-2019-8157 unknown 4y ago Magento Cross-Site Scripting via admin panel
CVE-2019-8150 unknown 4y ago Magento 2 Community Edition RCE Vulnerability
CVE-2019-8147 unknown 4y ago Magento 2 Community Edition XSS Vulnerability
CVE-2019-8148 unknown 4y ago Magento 2 Community Edition XSS Vulnerability
CVE-2019-8153 unknown 4y ago Magento Cross-site Scripting (XSS)
CVE-2019-8144 unknown 4y ago Magento 2 Community Edition RCE Vulnerability
CVE-2019-8146 unknown 4y ago Magento 2 Community Edition XSS Vulnerability
CVE-2019-8143 unknown 4y ago Magento Injection vulnerability via email templates
CVE-2019-8152 unknown 4y ago Magento 2 Community Edition XSS Vulnerability
CVE-2019-8139 unknown 4y ago Magento 2 Community Edition XSS Vulnerability