CVEs from 2019
Total: 3,162
- critical 238
- high 485
- medium 485
- low 94
- % Critical: 7.5%
- % with KEV: 3.7%
- % with exploit: 8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17106 | unknown | — | — | 4y ago | Centreon Sensitive Data Exposure | |||
| CVE-2019-14846 | unknown | — | — | 4y ago | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin… | |||
| CVE-2019-17205 | unknown | — | — | 4y ago | TeamPass Stored Cross-site Scripting | |||
| CVE-2019-17204 | unknown | — | — | 4y ago | TeamPass Stored Cross-site Scripting | |||
| CVE-2019-17203 | unknown | — | — | 4y ago | TeamPass Stored Cross-site Scripting | |||
| CVE-2019-16891 | unknown | — | — | 4y ago | Liferay Portal Allows RCE via Deserialization of a JSON Payload | |||
| CVE-2019-13628 | unknown | — | — | 4y ago | wolfCrypt leaks cryptographic information via timing side channel | |||
| CVE-2019-17091 | unknown | — | — | 4y ago | Cross-site Scripting in Eclipse Mojarra | |||
| CVE-2019-16760 | unknown | — | — | 4y ago | Cargo prior to Rust 1.26.0 may download the wrong dependency | |||
| CVE-2019-10434 | unknown | — | — | 4y ago | Jenkins LDAP Email Plugin shows plain text password in configuration form | |||
| CVE-2019-10431 | unknown | — | — | 4y ago | Improper Control of Generation of Code in Jenkins Script Security Plugin | |||
| CVE-2019-10432 | unknown | — | — | 4y ago | Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-10202 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl | |||
| CVE-2019-10435 | unknown | — | — | 4y ago | Jenkins SourceGear Vault plugin transmits credentials in plain text | |||
| CVE-2019-10433 | unknown | — | — | 4y ago | DingTalk Plugin stores credentials in plain text | |||
| CVE-2019-0231 | unknown | — | — | 4y ago | Cleartext Transmission of Sensitive Information in Apache MINA | |||
| CVE-2019-16993 | unknown | — | — | 4y ago | phpBB Cross-Site Request Forgery (CSRF) | |||
| CVE-2019-16688 | unknown | — | — | 4y ago | Dolibarr stored Cross-site Scripting in an Email Template section | |||
| CVE-2019-16686 | unknown | — | — | 4y ago | Dolibarr Cross-site Scripting in a User Note section | |||
| CVE-2019-16687 | unknown | — | — | 4y ago | Dolibarr Cross-site Scripting in a User Profile in a Signature section | |||
| CVE-2019-16685 | unknown | — | — | 4y ago | Dolibarr stored Cross-site Scripting vulnerability | |||
| CVE-2019-13376 | unknown | — | — | 4y ago | phpBB Cross-Site Request Forgery (CSRF) | |||
| CVE-2019-16738 | unknown | — | — | 4y ago | MediaWiki information disclosure | |||
| CVE-2019-14272 | unknown | — | — | 4y ago | SilverStripe asset-admin Cross-site Scripting (XSS) | |||
| CVE-2019-12205 | unknown | — | — | 4y ago | Silverstripe Flash Clipboard Reflected XSS | |||
| CVE-2019-10425 | unknown | — | — | 4y ago | Jenkins Google Calendar Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10424 | unknown | — | — | 4y ago | Jenkins elOyente Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10416 | unknown | — | — | 4y ago | Violation Comments to GitLab Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10422 | unknown | — | — | 4y ago | Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10414 | unknown | — | — | 4y ago | Jenkins Git Changelog Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10417 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin | |||
| CVE-2019-10423 | unknown | — | — | 4y ago | Jenkins CodeScan Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10421 | unknown | — | — | 4y ago | Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10419 | unknown | — | — | 4y ago | Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials | |||
| CVE-2019-10418 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin | |||
| CVE-2019-10415 | unknown | — | — | 4y ago | Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10420 | unknown | — | — | 4y ago | Jenkins Assembla Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10408 | unknown | — | — | 4y ago | Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2019-10409 | unknown | — | — | 4y ago | Missing permission check in Jenkins Project Inheritance Plugin | |||
| CVE-2019-10412 | unknown | — | — | 4y ago | Jenkins Inedo ProGet Plugin has Cleartext Transmission of Sensitive Information | |||
| CVE-2019-10411 | unknown | — | — | 4y ago | Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form | |||
| CVE-2019-10413 | unknown | — | — | 4y ago | Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10410 | unknown | — | — | 4y ago | Jenkins Log Parser Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-16725 | unknown | — | — | 4y ago | Joomla! XSS in Default Templates | |||
| CVE-2019-10754 | unknown | — | — | 4y ago | Use of Insufficiently Random Values in Apereo CAS | |||
| CVE-2019-12407 | unknown | — | — | 4y ago | Cross-site Scripting in Apache JSPWiki | |||
| CVE-2019-16669 | unknown | — | — | 4y ago | Pagekit User enumeration | |||
| CVE-2019-16370 | unknown | — | — | 4y ago | Use of a weak cryptographic algorithm in Gradle | |||
| CVE-2019-16317 | unknown | — | — | 4y ago | Pimcore RCE via PHAR upload | |||
| CVE-2019-16318 | unknown | — | — | 4y ago | Pimcore Unrestricted Upload of File with Dangerous Type | |||
| CVE-2019-10398 | unknown | — | — | 4y ago | Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials | |||
| CVE-2019-10397 | unknown | — | — | 4y ago | Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields | |||
| CVE-2019-10400 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2019-10396 | unknown | — | — | 4y ago | Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-10394 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2019-10395 | unknown | — | — | 4y ago | Jenkins Build Environment Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-10399 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2019-10392 | unknown | — | — | 4y ago | Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin | |||
| CVE-2019-10393 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Script Security Plugin | |||
| CVE-2019-16228 | unknown | — | — | 4y ago | An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs … | |||
| CVE-2019-16226 | unknown | — | — | 4y ago | An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when acces… | |||
| CVE-2019-16224 | unknown | — | — | 4y ago | An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs w… | |||
| CVE-2019-16225 | unknown | — | — | 4y ago | An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs w… | |||
| CVE-2019-16146 | unknown | — | — | 4y ago | Gophish XSS Vulnerability in github.com/gophish/gophish | |||
| CVE-2019-16147 | unknown | — | — | 4y ago | Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via a Journal Article Title | |||
| CVE-2019-10665 | unknown | — | — | 4y ago | LibreNMS Information Disclosure | |||
| CVE-2019-15952 | unknown | — | — | 4y ago | Total.js CMS Path Traversal | |||
| CVE-2019-15953 | unknown | — | — | 4y ago | Total.js CMS Unauthorized Access | |||
| CVE-2019-15630 | unknown | — | — | 4y ago | Mule modules contain Directory Traversal | |||
| CVE-2019-11247 | unknown | — | — | 4y ago | The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this … | |||
| CVE-2019-11250 | unknown | — | — | 4y ago | The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such a… | |||
| CVE-2019-15753 | unknown | — | — | 4y ago | OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning | |||
| CVE-2019-10391 | unknown | — | — | 4y ago | Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields | |||
| CVE-2019-10390 | unknown | — | — | 4y ago | Jenkins Splunk Plugin Sandbox Bypass | |||
| CVE-2019-15570 | unknown | — | — | 4y ago | BEdita vulnerable to SQL injection | |||
| CVE-2019-15563 | unknown | — | — | 4y ago | OHDSI WebAPI vulnerable to SQL Injection | |||
| CVE-2019-15521 | unknown | — | — | 4y ago | Spoon Library as used in Fork CMS allows PHP object injection | |||
| CVE-2019-15481 | unknown | — | — | 4y ago | Kimai v2 is vulnerable to Cross-Site Scripting (XSS) | |||
| CVE-2019-15483 | unknown | — | — | 4y ago | Bolt Cross-site Scripting (XSS) via a title that is mishandled in the system log | |||
| CVE-2019-7617 | unknown | — | — | 4y ago | When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an atta… | |||
| CVE-2019-15074 | unknown | — | — | 4y ago | MantisBT allows cross-site scripting (XSS) via crafted filename | |||
| CVE-2019-15119 | unknown | — | — | 4y ago | cnlh nps vulnerable to file overwrite by local user in github.com/cnlh/nps | |||
| CVE-2019-15062 | unknown | — | — | 4y ago | Dolibarr Cross-Site Request Forgery (CSRF) | |||
| CVE-2019-14993 | unknown | — | — | 4y ago | Istio ReDoS Vulnerability | |||
| CVE-2019-12618 | unknown | — | — | 4y ago | Hashicorp Nomad Access Control Issues in github.com/hashicorp/nomad | |||
| CVE-2019-14933 | unknown | — | — | 4y ago | Bagisto CSRF Vulnerability | |||
| CVE-2019-14939 | unknown | — | — | 4y ago | An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. | |||
| CVE-2019-14433 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external excepti… | |||
| CVE-2019-10388 | unknown | — | — | 4y ago | Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery | |||
| CVE-2019-10385 | unknown | — | — | 4y ago | Jenkins eggplant-plugin Plugin stores credentials in plain text | |||
| CVE-2019-10373 | unknown | — | — | 4y ago | Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting | |||
| CVE-2019-10389 | unknown | — | — | 4y ago | Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin | |||
| CVE-2019-10386 | unknown | — | — | 4y ago | Cross-site request forgery vulnerability in Jenkins XL TestView Plugin | |||
| CVE-2019-10387 | unknown | — | — | 4y ago | Missing permission check in Jenkins XL TestView Plugin | |||
| CVE-2019-10379 | unknown | — | — | 4y ago | Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text | |||
| CVE-2019-10382 | unknown | — | — | 4y ago | Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation | |||
| CVE-2019-10378 | unknown | — | — | 4y ago | Jenkins TestLink Plugin stores credentials in plain text | |||
| CVE-2019-10380 | unknown | — | — | 4y ago | Jenkins Simple Travis Pipeline Runner Plugin script sandbox bypass vulnerability | |||
| CVE-2019-10376 | unknown | — | — | 4y ago | Jenkins Wall Display Plugin Cross-site Scripting vulnerability | |||
| CVE-2019-10370 | unknown | — | — | 4y ago | Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin |