CVEs from 2019
- Total: 3,162
- Critical: 238
- High: 485
- Medium: 485
- Low: 94
- % Critical: 7.5%
- % with KEV: 3.7%
- % with exploit: 8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8139 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2019-8142 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2019-8134 | unknown | — | — | 4y ago | Magento SQL injection via marketing account with access to email templates variables | |||
| CVE-2019-8137 | unknown | — | — | 4y ago | Magento 2 Community Edition RCE Vulnerability | |||
| CVE-2019-8138 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2019-8141 | unknown | — | — | 4y ago | Magento 2 Community Edition RCE Vulnerability | |||
| CVE-2019-8131 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2019-8132 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2019-8136 | unknown | — | — | 4y ago | Magento 2 Community Edition Insecure Component | |||
| CVE-2019-8129 | unknown | — | — | 4y ago | Magento Cross-Site Scripting via Signifyd Guarantee Option Translation Override | |||
| CVE-2019-8122 | unknown | — | — | 4y ago | Magento 2 Community Edition RCE Vulnerability | |||
| CVE-2019-8130 | unknown | — | — | 4y ago | Magento SQL injection vulnerability | |||
| CVE-2019-8128 | unknown | — | — | 4y ago | Magento Cross-Site Scripting via store name | |||
| CVE-2019-8123 | unknown | — | — | 4y ago | Magento 2 Community Edition Insufficient Logging | |||
| CVE-2019-8120 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2019-8117 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2019-8118 | unknown | — | — | 4y ago | Magento 2 Community Edition Weak Cryptography | |||
| CVE-2019-8124 | unknown | — | — | 4y ago | Magento 2 Community Edition Insufficient Logging | |||
| CVE-2019-8115 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2019-8119 | unknown | — | — | 4y ago | Magento 2 Community Edition RCE Vulnerability | |||
| CVE-2019-8127 | unknown | — | — | 4y ago | Magento 2 Community Edition SQLi Vulnerability | |||
| CVE-2019-8092 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2019-8111 | unknown | — | — | 4y ago | Magento 2 Community Edition RCE Vulnerability | |||
| CVE-2019-8114 | unknown | — | — | 4y ago | Magento 2 Community Edition RCE Vulnerability | |||
| CVE-2019-8093 | unknown | — | — | 4y ago | Magento Information Disclosure via File upload functionality | |||
| CVE-2019-8113 | unknown | — | — | 4y ago | Magento 2 Community Weak PRNG | |||
| CVE-2019-8112 | unknown | — | — | 4y ago | Magento 2 Community Edition Security Bypass | |||
| CVE-2019-8108 | unknown | — | — | 4y ago | Magento Broken authentication and session management | |||
| CVE-2019-8110 | unknown | — | — | 4y ago | Magento 2 Community Edition RCE Vulnerability | |||
| CVE-2019-8109 | unknown | — | — | 4y ago | Magento 2 Community Edition RCE Vulnerability via CSRF | |||
| CVE-2019-8107 | unknown | — | — | 4y ago | Magento 2 Community Edition Arbitrary File Deletion | |||
| CVE-2019-8090 | unknown | — | — | 4y ago | Magento 2 Community Edition Arbitrary File Deletion | |||
| CVE-2019-18656 | unknown | — | — | 4y ago | Pimcore XSS Vulnerability | |||
| CVE-2019-7619 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2019-18608 | unknown | — | — | 4y ago | Cezerin Unauthorized Access | |||
| CVE-2019-0205 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Apache Thrift | |||
| CVE-2019-18393 | unknown | — | — | 4y ago | Ignite Realtime Openfire directory traversal vulnerability | |||
| CVE-2019-18394 | unknown | — | — | 4y ago | Ignite Realtime Openfire vulnerable to Server Side Request Forgery | |||
| CVE-2019-15929 | unknown | — | — | 4y ago | Craft CMS possibility of brute force attempts | |||
| CVE-2019-12415 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Apache POI | |||
| CVE-2019-17606 | unknown | — | — | 4y ago | hexo-admin plugin for Node.js XSS Vulnerability | |||
| CVE-2019-10476 | unknown | — | — | 4y ago | Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials | |||
| CVE-2019-10474 | unknown | — | — | 4y ago | Jenkins Global Post Script Plugin missing permission check | |||
| CVE-2019-10472 | unknown | — | — | 4y ago | Jenkins Libvirt Slaves Plugin vulnerable to Incorrect Default Permissions | |||
| CVE-2019-10461 | unknown | — | — | 4y ago | Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials | |||
| CVE-2019-10467 | unknown | — | — | 4y ago | Jenkins Sonar Gerrit Plugin stores credentials unencrypted | |||
| CVE-2019-10468 | unknown | — | — | 4y ago | Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2019-10471 | unknown | — | — | 4y ago | Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2019-10473 | unknown | — | — | 4y ago | Jenkins Libvirt Slaves Plugin vulnerable to Credential Enumeration | |||
| CVE-2019-10460 | unknown | — | — | 4y ago | Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials | |||
| CVE-2019-10462 | unknown | — | — | 4y ago | Jenkins Dynatrace Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2019-10465 | unknown | — | — | 4y ago | Jenkins Deploy WebLogic Plugin missing permission check | |||
| CVE-2019-10470 | unknown | — | — | 4y ago | Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration | |||
| CVE-2019-10463 | unknown | — | — | 4y ago | Jenkins Dynatrace Plugin contains Incorrect Default Permissions | |||
| CVE-2019-10464 | unknown | — | — | 4y ago | Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability | |||
| CVE-2019-10459 | unknown | — | — | 4y ago | Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token | |||
| CVE-2019-10469 | unknown | — | — | 4y ago | Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization | |||
| CVE-2019-10466 | unknown | — | — | 4y ago | Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference | |||
| CVE-2019-16530 | unknown | — | — | 4y ago | Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager | |||
| CVE-2019-17578 | unknown | — | — | 4y ago | Dolibarr Cross-site Scripting vulnerability | |||
| CVE-2019-17576 | unknown | — | — | 4y ago | Dolibarr Cross-site Scripting via outgoing email setup feature | |||
| CVE-2019-17577 | unknown | — | — | 4y ago | Dolibarr Cross-site Scripting via outgoing email setup feature | |||
| CVE-2019-17625 | unknown | — | — | 4y ago | Rambox RCE Vulnerability | |||
| CVE-2019-16700 | unknown | — | — | 4y ago | slub_events for Typo3 Arbitrary File Upload | |||
| CVE-2019-16699 | unknown | — | — | 4y ago | sr_freecap for Typo3 RCE Vulnerability | |||
| CVE-2019-17223 | unknown | — | — | 4y ago | Dolibarr ERP and CRM HTML Injection | |||
| CVE-2019-16698 | unknown | — | — | 4y ago | direct_mail for Typo3 sensitive data exposure | |||
| CVE-2019-16682 | unknown | — | — | 4y ago | url_redirect for Typo3 SQLi Vulnerability | |||
| CVE-2019-13116 | unknown | — | — | 4y ago | Mulesoft Mule Unsafe Deserialization | |||
| CVE-2019-10458 | unknown | — | — | 4y ago | Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin | |||
| CVE-2019-10453 | unknown | — | — | 4y ago | Jenkins Delphix Plugin vulnerable to Cleartext credential storage | |||
| CVE-2019-10452 | unknown | — | — | 4y ago | Jenkins View26 Test-Reporting Plugin stores access token in plain text | |||
| CVE-2019-10451 | unknown | — | — | 4y ago | Jenkins SOASTA CloudTest Plugin stores API token in plain text | |||
| CVE-2019-10457 | unknown | — | — | 4y ago | Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin | |||
| CVE-2019-10455 | unknown | — | — | 4y ago | Missing permission check in Jenkins Rundeck Plugin | |||
| CVE-2019-10449 | unknown | — | — | 4y ago | Jenkins Fortify on Demand Plugin stores credentials in plain text | |||
| CVE-2019-10450 | unknown | — | — | 4y ago | Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin | |||
| CVE-2019-10456 | unknown | — | — | 4y ago | Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability | |||
| CVE-2019-10454 | unknown | — | — | 4y ago | Jenkins Rundeck Plugin CSRF vulnerability | |||
| CVE-2019-10440 | unknown | — | — | 4y ago | Jenkins NeoLoad Plugin stores credentials in cleartext | |||
| CVE-2019-10439 | unknown | — | — | 4y ago | Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization | |||
| CVE-2019-10443 | unknown | — | — | 4y ago | Jenkins iceScrum Plugin stores credentials in Cleartext | |||
| CVE-2019-10448 | unknown | — | — | 4y ago | Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin | |||
| CVE-2019-10447 | unknown | — | — | 4y ago | Jenkins Sofy.AI Plugin stores API token in plain text | |||
| CVE-2019-10441 | unknown | — | — | 4y ago | Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery | |||
| CVE-2019-10444 | unknown | — | — | 4y ago | Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation | |||
| CVE-2019-10436 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin | |||
| CVE-2019-10445 | unknown | — | — | 4y ago | Missing permission checks in Google Kubernetes Engine Jenkins Plugin | |||
| CVE-2019-10442 | unknown | — | — | 4y ago | Jenkins iceScrum Plugin vulnerable to Missing Authorization | |||
| CVE-2019-10446 | unknown | — | — | 4y ago | Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification | |||
| CVE-2019-10438 | unknown | — | — | 4y ago | Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization | |||
| CVE-2019-10437 | unknown | — | — | 4y ago | Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery | |||
| CVE-2019-14832 | unknown | — | — | 4y ago | Keycloak Unauthenticated Access | |||
| CVE-2019-14838 | unknown | — | — | 4y ago | Wildfly Authorization Misconfiguration | |||
| CVE-2019-14858 | unknown | — | — | 4y ago | A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name t… | |||
| CVE-2019-17496 | unknown | — | — | 4y ago | Craft CMS XSS Vulnerability | |||
| CVE-2019-17433 | unknown | — | — | 4y ago | z-song laravel-admin XSS via the Slug or Name on the Roles screen | |||
| CVE-2019-17109 | unknown | — | — | 4y ago | Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. | |||
| CVE-2019-17134 | unknown | — | — | 4y ago | OpenStack Octavia Amphora-Agent not requiring Client-Certificate | |||
| CVE-2019-17104 | unknown | — | — | 4y ago | Centreon Does Not Set HTTPOnly Flag |