CVEs from 2019
- total 3,162
- critical 238
- high 484
- medium 485
- low 95
- % critical 7.5%
- % with KEV 3.7%
- % with exploit 8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-11401 | unknown | — | — | | | | 4y ago | SiteServer CMS RCE via unsafe file upload |
| CVE-2019-11243 | unknown | — | — | | | | 4y ago | In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certifi… |
| CVE-2019-11340 | unknown | — | — | | | | 4y ago | Matrix Sydent mishandles emails |
| CVE-2019-10306 | unknown | — | — | | | | 4y ago | Sandbox bypass in ontrack Jenkins Plugin |
| CVE-2019-10300 | unknown | — | — | | | | 4y ago | Jenkins GitLab Plugin Cross-Site Request Forgery vulnerability |
| CVE-2019-10301 | unknown | — | — | | | | 4y ago | Jenkins GitLab Plugin missing permission checks |
| CVE-2019-10305 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins XebiaLabs XL Deploy Plugin |
| CVE-2019-10302 | unknown | — | — | | | | 4y ago | Jenkins jira-ext Plugin stores credentials unencrypted |
| CVE-2019-10304 | unknown | — | — | | | | 4y ago | Jenkins XebiaLabs XL Deploy Plugin vulnerable to Cross-site request forgery (CSRF) |
| CVE-2019-10303 | unknown | — | — | | | | 4y ago | Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text |
| CVE-2019-16751 | unknown | — | — | | | | 4y ago | Devise Token Auth vulnerable to Cross-site Scripting |
| CVE-2019-17268 | unknown | — | — | | | | 4y ago | omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party |
| CVE-2019-12410 | unknown | — | — | | | | 4y ago | While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data… |
| CVE-2019-7615 | unknown | — | — | | | | 4y ago | Elastic APM agent for Ruby vulnerable to Improper Certificate Validation |
| CVE-2019-12408 | unknown | — | — | | | | 4y ago | It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null v… |
| CVE-2019-14825 | unknown | — | — | | | | 4y ago | Katello cleartext password storage issue |
| CVE-2019-25061 | unknown | — | — | | | | 4y ago | Insecure PRNG use in random_password_generator |
| CVE-2019-0564 | unknown | — | — | | | | 4y ago | Denial of service in ASP.NET Core |
| CVE-2019-0545 | unknown | — | — | | | | 4y ago | Exposure of Sensitive Information in System.Net.Http |
| CVE-2019-5312 | unknown | — | — | | | | 4y ago | XML External Entity Reference in weixin-java-tools |
| CVE-2019-6798 | unknown | — | — | | | | 4y ago | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. |
| CVE-2019-7169 | unknown | — | — | | | | 4y ago | Croogo vulnerable to XSS in title field |
| CVE-2019-7173 | unknown | — | — | | | | 4y ago | Croogo vulnerable to Cross-site Scripting in title field |
| CVE-2019-7171 | unknown | — | — | | | | 4y ago | Croogo vulnerable to XSS in title field |
| CVE-2019-7170 | unknown | — | — | | | | 4y ago | Croogo vulnerable to XSS in title field |
| CVE-2019-7168 | unknown | — | — | | | | 4y ago | Croogo vulnerable to XSS in Blog field |
| CVE-2019-7313 | unknown | — | — | | | | 4y ago | www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain. |
| CVE-2019-7560 | unknown | — | — | | | | 4y ago | In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete. |
| CVE-2019-1000008 | unknown | — | — | | | | 4y ago | Helm Path Traversal in helm.sh/helm |
| CVE-2019-1000005 | unknown | — | — | | | | 4y ago | mPDF Unsafe Deserialization |
| CVE-2019-8400 | unknown | — | — | | | | 4y ago | Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra |
| CVE-2019-7722 | unknown | — | — | | | | 4y ago | Improper Restriction of XML External Entity Reference in PMD |
| CVE-2019-9081 | unknown | — | — | | | | 4y ago | Laravel Framework Deserialization Vulnerability |
| CVE-2019-0657 | unknown | — | — | | | | 4y ago | Improper Input Validation in .Net Framework APIs |
| CVE-2019-6970 | unknown | — | — | | | | 4y ago | Moodle SSRF Vulnerability |
| CVE-2019-7537 | unknown | — | — | | | | 4y ago | An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution. |
| CVE-2019-10118 | unknown | — | — | | | | 4y ago | Snipe-IT XSS Vulnerability |
| CVE-2019-11016 | unknown | — | — | | | | 4y ago | Elgg open redirect |
| CVE-2019-5715 | unknown | — | — | | | | 4y ago | Silverstripe Framework SQLi Vulnerability |
| CVE-2019-9644 | unknown | — | — | | | | 4y ago | An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Acces… |
| CVE-2019-10642 | unknown | — | — | | | | 4y ago | Contao CSRF Token Bypass |
| CVE-2019-10641 | unknown | — | — | | | | 4y ago | Contao Does Not Invalidate Existing Sessions When Password Changes |
| CVE-2019-1003010 | unknown | — | — | | | | 4y ago | Cross-Site Request Forgery in Jenkins Git Plugin |
| CVE-2019-1003012 | unknown | — | — | | | | 4y ago | Cross-Site Request Forgery in Jenkins Blue Ocean Plugin |
| CVE-2019-1003009 | unknown | — | — | | | | 4y ago | Jenkins Active Directory Plugin Improper certificate validation with StartTLS |
| CVE-2019-1003014 | unknown | — | — | | | | 4y ago | Jenkins Config File Provider Plugin XSS vulnerability |
| CVE-2019-1003018 | unknown | — | — | | | | 4y ago | GitHub Authentication Plugin showed plain text client secret in configuration form |
| CVE-2019-1003013 | unknown | — | — | | | | 4y ago | Cross-site Scripting in Jenkins Blue Ocean Plugin |
| CVE-2019-1003008 | unknown | — | — | | | | 4y ago | Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability |
| CVE-2019-1003015 | unknown | — | — | | | | 4y ago | XXE vulnerability in Jenkins Job Import Plugin |
| CVE-2019-1003007 | unknown | — | — | | | | 4y ago | Sandbox Bypass via CSRF in Jenkins Warnings Plugin |
| CVE-2019-1003020 | unknown | — | — | | | | 4y ago | Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF) |
| CVE-2019-1003026 | unknown | — | — | | | | 4y ago | Jenkins Mattermost Notification Plugin vulnerable to SSRF |
| CVE-2019-1003017 | unknown | — | — | | | | 4y ago | Jenkins Job Import Plugin CSRF vulnerability |
| CVE-2019-1003023 | unknown | — | — | | | | 4y ago | XSS vulnerability in Jenkins Warnings Next Generation Plugin |
| CVE-2019-1003016 | unknown | — | — | | | | 4y ago | Jenkins Job Import Plugin vulnerable to exposure of sensitive information |
| CVE-2019-1003027 | unknown | — | — | | | | 4y ago | SSRF vulnerability due to missing permission check in Jenkins OctopusDeploy Plugin |
| CVE-2019-1003019 | unknown | — | — | | | | 4y ago | GitHub Authentication Plugin session fixation vulnerability |
| CVE-2019-1003022 | unknown | — | — | | | | 4y ago | Jenkins Monitoring Plugin denial of service vulnerability |
| CVE-2019-1003021 | unknown | — | — | | | | 4y ago | Jenkins OpenId Connect Authentication Plugin showed plain text client secret in configuration form |
| CVE-2019-10278 | unknown | — | — | | | | 4y ago | CSRF vulnerability in jenkins-reviewbot Plugin |
| CVE-2019-1003028 | unknown | — | — | | | | 4y ago | SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin |
| CVE-2019-10292 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Nomad Plugin allows SSRF |
| CVE-2019-10289 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Netsparker Enterprise Scan Plugin |
| CVE-2019-3850 | unknown | — | — | | | | 4y ago | Moodle Stored HTML in assignment submission comments allowed links to be opened directly |
| CVE-2019-3809 | unknown | — | — | | | | 4y ago | Moodle Blind SSRF Risk in /badges/mybackpack.php |
| CVE-2019-1003080 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins OpenShift Deployer Plugin |
| CVE-2019-1003078 | unknown | — | — | | | | 4y ago | Jenkins VMware Lab Manager Slaves Plugin CSRF vulnerability |
| CVE-2019-1003046 | unknown | — | — | | | | 4y ago | Jenkins Fortify on Demand Uploader Plugin CSRF vulnerability |
| CVE-2019-1003044 | unknown | — | — | | | | 4y ago | Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks |
| CVE-2019-1003042 | unknown | — | — | | | | 4y ago | Jenkins Lockable Resources Plugin XSS vulnerability |
| CVE-2019-1003076 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Audit to Database Plugin |
| CVE-2019-1003058 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins FTP publisher Plugin |
| CVE-2019-1003086 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins sinatra-chef-builder Plugin |
| CVE-2019-1003084 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Zephyr Enterprise Test Management Plugin |
| CVE-2019-1003082 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Gearman Plugin |
| CVE-2019-1003090 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins SOASTA CloudTest Plugin |
| CVE-2019-1003098 | unknown | — | — | | | | 4y ago | Jenkins OpenID Plugin CSRF vulnerability |
| CVE-2019-1003092 | unknown | — | — | | | | 4y ago | Cross-site request forgery vulnerability in Jenkins Nomad Plugin |
| CVE-2019-1003099 | unknown | — | — | | | | 4y ago | Jenkins openid Plugin missing permission check |
| CVE-2019-1003087 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins sinatra-chef-builder Plugin |
| CVE-2019-1003097 | unknown | — | — | | | | 4y ago | Jenkins Crowd Integration Plugin stores credentials in plain text |
| CVE-2019-1003085 | unknown | — | — | | | | 4y ago | Jenkins Zephyr Enterprise Test Management Plugin missing permission check |
| CVE-2019-1003079 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins VMware Lab Manager Slaves Plugin |
| CVE-2019-1003093 | unknown | — | — | | | | 4y ago | Jenkins Nomad Plugin missing permission check |
| CVE-2019-1003081 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins OpenShift Deployer Plugin |
| CVE-2019-1003083 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins Gearman Plugin |
| CVE-2019-1003091 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins SOASTA CloudTest Plugin |
| CVE-2019-1003096 | unknown | — | — | | | | 4y ago | Jenkins TestFairy Plugin stores credentials in plain text |
| CVE-2019-9764 | unknown | — | — | | | | 4y ago | HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul |
| CVE-2019-7743 | unknown | — | — | | | | 4y ago | Joomla! Object Injection Vulnerability |
| CVE-2019-8336 | unknown | — | — | | | | 4y ago | HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul |
| CVE-2019-6986 | unknown | — | — | | | | 4y ago | Command Injection in VIVO Vitro |
| CVE-2019-6799 | unknown | — | — | | | | 4y ago | An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the serv… |
| CVE-2019-3852 | unknown | — | — | | | | 4y ago | Moodle context freezing |
| CVE-2019-3851 | unknown | — | — | | | | 4y ago | Moodle Secure layout contained an insecure link in Boost theme |
| CVE-2019-11018 | unknown | — | — | | | | 4y ago | ThinkAdmin Administrator cookies still working after password change |
| CVE-2019-11065 | unknown | — | — | | | | 4y ago | Insecure transport protocol in Gradle |
| CVE-2019-1000021 | unknown | — | — | | | | 4y ago | slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options pr… |
| CVE-2019-1000001 | unknown | — | — | | | | 4y ago | TeamPass Storing Passwords in a Recoverable Format vulnerability |