CVEs from 2019

3,162 normalized CVEs published or assigned in this year.

Total: 3,162
Critical: 238
High: 485
Medium: 485
Low: 94
% Critical: 7.5%
% with KEV: 3.7%
% with exploit: 8.0%

Top products

  • u-boot 20
  • crimson 8
  • active_iq_unified_manager 7
  • weblogic_server 5
  • jdk 5
  • oncommand_workflow_automation 5
  • codeready_linux_builder_eus 4
  • oncommand_insight 4
CVE | Severity | Published | Description (the CVSS, Risk, Flags, OS and Vendor columns are empty for every entry listed below)
CVE-2019-10152 unknown 4y ago A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arb…
CVE-2019-11202 unknown 4y ago Rancher Recreates Default User With Known Password Despite Deletion in github.com/rancher/rancher
CVE-2019-10141 unknown 4y ago A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache…
CVE-2019-14271 unknown 4y ago In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the conten…
CVE-2019-11200 unknown 4y ago Dolibarr ERP and CRM malicious executable loading
CVE-2019-11201 unknown 4y ago Dolibarr ERP and CRM Code Injection
CVE-2019-1020002 unknown 4y ago Pterodactyl vulnerable to 2FA Sniffing
CVE-2019-14315 unknown 4y ago SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php
CVE-2019-0202 unknown 4y ago Exposure of Sensitive Information in Apache Storm Logviewer
CVE-2019-13483 unknown 4y ago Auth0 Passport-SharePoint does not validate JWT signature
CVE-2019-14243 unknown 4y ago Panic when handling invalid HAProxy PROXY v2 request in github.com/mastercactapus/proxyprotocol
CVE-2019-13970 unknown 4y ago AntSword RCE and XSS via code injection
CVE-2019-1010241 unknown 4y ago Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format
CVE-2019-1010261 unknown 4y ago Gitea XSS Vulnerability in code.gitea.io/gitea
CVE-2019-13915 unknown 4y ago b3log Wide unauthenticated file access in github.com/b3log/wide
CVE-2019-13509 unknown 4y ago In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a…
CVE-2019-1010259 unknown 4y ago SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The my…
CVE-2019-13647 unknown 4y ago Firefly III vulnerable to image-based stored XSS
CVE-2019-13645 unknown 4y ago Firefly III vulnerable to stored XSS
CVE-2019-1010054 unknown 4y ago Dolibarr Cross Site Request Forgery (CSRF)
CVE-2019-13646 unknown 4y ago Firefly III vulnerable to reflected cross-site scripting
CVE-2019-13644 unknown 4y ago Firefly III vulnerable to stored XSS
CVE-2019-1010275 unknown 4y ago Helm Improper Certificate Validation in helm.sh/helm
CVE-2019-1075 unknown 4y ago Open redirect in ASP.NET Core
CVE-2019-1010016 unknown 4y ago Dolibarr Cross Site Scripting (XSS)
CVE-2019-13594 unknown 4y ago Mirumee Saleor CSRF Protection Disabled
CVE-2019-10351 unknown 4y ago Jenkins Caliper CI Plugin stores credentials in plain text
CVE-2019-10348 unknown 4y ago Jenkins Gogs Plugin stored credentials in plain text
CVE-2019-10342 unknown 4y ago Missing permission check in Jenkins Docker Plugin
CVE-2019-10350 unknown 4y ago Jenkins Port Allocator Plugin stores credentials in plain text
CVE-2019-10346 unknown 4y ago Jenkins Embeddable Build Status Plugin contains Cross-site Scripting
CVE-2019-10347 unknown 4y ago Stored credentials unencrypted in Jenkins Mashup Portlets Plugin
CVE-2019-10341 unknown 4y ago Missing permission check in Jenkins Docker Plugin
CVE-2019-10340 unknown 4y ago Jenkins Docker Plugin contains Cross-Site Request Forgery
CVE-2019-1010314 unknown 4y ago Gitea XSS Vulnerability in Repository Description
CVE-2019-12474 unknown 4y ago Wikimedia information leak vulnerability
CVE-2019-12472 unknown 4y ago MediaWiki Incorrect Access Control vulnerability
CVE-2019-12470 unknown 4y ago Wikimedia MediaWiki exposed suppressed log in RevisionDelete page
CVE-2019-12469 unknown 4y ago MediaWiki Incorrect Access Control vulnerability
CVE-2019-12473 unknown 4y ago Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
CVE-2019-12466 unknown 4y ago Wikimedia MediaWiki allows CSRF
CVE-2019-12471 unknown 4y ago MediaWiki Cross-site Scripting (XSS)
CVE-2019-12467 unknown 4y ago MediaWiki Incorrect Access Control vulnerability
CVE-2019-12468 unknown 4y ago Wikimedia MediaWiki Incorrect Access Control vulnerability
CVE-2019-11512 unknown 4y ago Contao SQL injection in the file manager
CVE-2019-13127 unknown 4y ago mxGraph vulnerable to cross-site scripting in color field
CVE-2019-12887 unknown 4y ago KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).
CVE-2019-10154 unknown 4y ago Moodle all messaging conversations could be viewed
CVE-2019-10134 unknown 4y ago Moodle Private files uploaded via incoming mail processing could bypass quota restrictions
CVE-2019-10133 unknown 4y ago Moodle Open Redirect Vulnerability
CVE-2019-12823 unknown 4y ago Craft CMS XSS Vulnerability
CVE-2019-12149 unknown 4y ago silverstripe restfulserver and registry modules SQL injection vulnerability
CVE-2019-10339 unknown 4y ago Jenkins JX Resources Plugin missing permission check
CVE-2019-10336 unknown 4y ago Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability
CVE-2019-10337 unknown 4y ago Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin
CVE-2019-10335 unknown 4y ago Jenkins ElectricFlow Plugin is vulnerable to stored cross site scripting vulnerability
CVE-2019-10332 unknown 4y ago Jenkins ElectricFlow Plugin missing permission check
CVE-2019-10338 unknown 4y ago Jenkins JX Resources Plugin cross-site request forgery vulnerability
CVE-2019-10334 unknown 4y ago Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2019-10331 unknown 4y ago Jenkins ElectricFlow Plugin cross-site request forgery vulnerability
CVE-2019-10333 unknown 4y ago Jenkins ElectricFlow Plugin Missing permission checks
CVE-2019-11881 unknown 4y ago Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
CVE-2019-12274 unknown 4y ago Rancher Privilege Escalation Vulnerability in github.com/rancher/rancher
CVE-2019-12303 unknown 4y ago Rancher code injection via fluentd config commands in github.com/rancher/rancher
CVE-2019-11768 unknown 4y ago phpMyAdmin SQL injection in Designer feature
CVE-2019-12728 unknown 4y ago Incorrect Resource Transfer Between Spheres in Grails
CVE-2019-3895 unknown 4y ago An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitr…
CVE-2019-10047 unknown 4y ago PyDio Stored XSS Vulnerability
CVE-2019-12496 unknown 4y ago Improper certificate validation in github.com/hybridgroup/gobot
CVE-2019-12452 unknown 4y ago Containous Traefik Exposes Password Hashes in github.com/traefik/traefik
CVE-2019-11876 unknown 4y ago PrestaShop Cross-site Scripting vulnerability
CVE-2019-12277 unknown 4y ago Blogifier does not properly restrict APIs
CVE-2019-11841 unknown 4y ago A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 488…
CVE-2019-10320 unknown 4y ago Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin
CVE-2019-0982 unknown 4y ago Denial of service in ASP.NET Core
CVE-2019-12139 unknown 4y ago ezplatform-admin-ui Cross-site Scripting (XSS) vulnerability
CVE-2019-0226 unknown 4y ago Apache Karaf vulnerable to relative path traversal
CVE-2019-11830 unknown 4y ago PharStreamWrapper for Typo3 unsafe deserialization vulnerability
CVE-2019-11842 unknown 4y ago An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token…
CVE-2019-11819 unknown 4y ago Alkacon OpenCMS CSV Injection via New User module
CVE-2019-10249 unknown 4y ago Potentially compromised builds
CVE-2019-11767 unknown 4y ago phpBB Server side request forgery (SSRF)
CVE-2019-9826 unknown 4y ago phpBB Denial of Service
CVE-2019-10318 unknown 4y ago Jenkins Azure AD Plugin stored the client secret unencrypted
CVE-2019-10315 unknown 4y ago Jenkins GitHub Authentication Plugin Cross-Site Request Forgery vulnerability
CVE-2019-10313 unknown 4y ago Jenkins Twitter Plugin stores credentials in plain text
CVE-2019-10310 unknown 4y ago Jenkins Ansible Tower Plugin cross-site request forgery vulnerability
CVE-2019-10314 unknown 4y ago Jenkins Koji Plugin globally and unconditionally disables SSL/TLS certificate validation
CVE-2019-10312 unknown 4y ago Missing permission check in Jenkins Ansible Tower Plugin
CVE-2019-10316 unknown 4y ago Jenkins Aqua MicroScanner Plugin stored credentials in plain text
CVE-2019-10308 unknown 4y ago Missing permission check in Jenkins Static Analysis Utilities Plugin
CVE-2019-10311 unknown 4y ago Jenkins Ansible Tower Plugin missing permission check
CVE-2019-10317 unknown 4y ago Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation
CVE-2019-10309 unknown 4y ago Jenkins Self-Organizing Swarm Plug-in Modules Plugin XXE vulnerability via UDP broadcast response
CVE-2019-10307 unknown 4y ago Jenkins Static Analysis Utilities Plugin is vulnerable to Cross-site request forgery vulnerability
CVE-2019-11576 unknown 4y ago Gitea Allows 1FA Even for 2FA-Enrolled Accounts
CVE-2019-9901 unknown 4y ago EnvoyProxy Envoy Missing HTTP URL path normalization
CVE-2019-11514 unknown 4y ago Flarum mishandles invalidation of user email tokens
CVE-2019-10248 unknown 4y ago Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
CVE-2019-11401 unknown 4y ago SiteServer CMS RCE via unsafe file upload