CVEs from 2019

3,162 normalized CVEs published or assigned in this year.

  • Total: 3,162
  • Critical: 238
  • High: 484
  • Medium: 485
  • Low: 95
  • % Critical: 7.5%
  • % with KEV: 3.7%
  • % with exploit: 8.0%

Top products

  • u-boot 20
  • crimson 8
  • active_iq_unified_manager 7
  • weblogic_server 5
  • jdk 5
  • oncommand_workflow_automation 5
  • codeready_linux_builder_eus 4
  • oncommand_insight 4
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-1002100 unknown 4y ago In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch…
CVE-2019-1000002 unknown 4y ago Gitea Arbitrary File Delete Vulnerability
CVE-2019-0861 unknown 4y ago ChakraCore Memory Corruption Vulnerability
CVE-2019-0860 unknown 4y ago ChakraCore Memory Corruption Vulnerability
CVE-2019-0829 unknown 4y ago ChakraCore Memory Corruption Vulnerability
CVE-2019-0806 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2019-0812 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2019-0810 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2019-0649 unknown 4y ago Chakra JIT server Privilege Escalation
CVE-2019-0648 unknown 4y ago ChakraCore information disclosure vulnerability
CVE-2019-1003052 unknown 4y ago Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
CVE-2019-1003051 unknown 4y ago Jenkins IRC Plugin stores credentials in plain text
CVE-2019-1003057 unknown 4y ago Jenkins Bitbucket Approve Plugin stores credentials in plain text
CVE-2019-1003060 unknown 4y ago Jenkins OWASP ZAP Plugin stores unencrypted credentials
CVE-2019-1003059 unknown 4y ago Missing permission check in Jenkins FTP publisher Plugin
CVE-2019-1003053 unknown 4y ago Jenkins HockeyApp Plugin stores credentials in plain text
CVE-2019-1003056 unknown 4y ago Jenkins WebSphere Deployer Plugin stores credentials in plain text
CVE-2019-1003055 unknown 4y ago Jenkins FTP publisher Plugin stores credentials in plain text
CVE-2019-1003070 unknown 4y ago Jenkins veracode-scanner Plugin stores credentials in plain text
CVE-2019-1003069 unknown 4y ago Jenkins Aqua Security Scanner Plugin stores credentials in plain text
CVE-2019-1003068 unknown 4y ago Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data
CVE-2019-1003054 unknown 4y ago Jenkins Jira Issue Updater Plugin stores credentials in plain text
CVE-2019-1003061 unknown 4y ago Jenkins CloudFormation Plugin stores credentials in plain text
CVE-2019-1003063 unknown 4y ago Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text
CVE-2019-1003064 unknown 4y ago Jenkins aws-device-farm Plugin stores credentials in plain text
CVE-2019-1003067 unknown 4y ago Jenkins Trac Publisher Plugin stores credentials in plain text
CVE-2019-1003065 unknown 4y ago Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text
CVE-2019-1003066 unknown 4y ago Jenkins Bugzilla Plugin stores credentials in plain text
CVE-2019-1003062 unknown 4y ago Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text
CVE-2019-1003095 unknown 4y ago Jenkins Perfecto Mobile Plugin stores credentials in plain text
CVE-2019-1003074 unknown 4y ago Jenkins hyper.sh Commons Plugin stores credentials in plain text
CVE-2019-1003075 unknown 4y ago Jenkins Audit to Database Plugin stores credentials in plain text
CVE-2019-1003072 unknown 4y ago Jenkins wildFly Deployer Plugin stores credentials in plain text
CVE-2019-1003073 unknown 4y ago Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text
CVE-2019-1003088 unknown 4y ago Jenkins Fabric-beta-publisher Plugin stores credentials in plain text
CVE-2019-1003089 unknown 4y ago Jenkins Upload to pgyer Plugin stores credentials in plain text
CVE-2019-1003077 unknown 4y ago Missing permission check in Jenkins Audit to Database Plugin
CVE-2019-1003094 unknown 4y ago Jenkins Open STF Plugin stores credentials in plain text
CVE-2019-1003071 unknown 4y ago Jenkins Octopus Deploy Plugin stores credentials in plain text
CVE-2019-1003011 unknown 4y ago Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS
CVE-2019-1003025 unknown 4y ago Jenkins Cloud Foundry Plugin vulnerable to exposure of sensitive information
CVE-2019-1003006 unknown 4y ago Jenkins Groovy Plugin sandbox bypass vulnerability
CVE-2019-1003024 unknown 4y ago Jenkins Script Security Plugin sandbox bypass vulnerability
CVE-2019-1003048 unknown 4y ago Jenkins PRQA Plugin stored password in plain text
CVE-2019-1003040 unknown 4y ago Sandbox bypass vulnerability in Jenkins Script Security Plugin
CVE-2019-1003039 unknown 4y ago Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials
CVE-2019-1003041 unknown 4y ago Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
CVE-2019-1003045 unknown 4y ago ECS Publisher Plugin stored and displayed API token in plain text
CVE-2019-1003047 unknown 4y ago SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin
CVE-2019-1003036 unknown 4y ago Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration
CVE-2019-1003043 unknown 4y ago Jenkins Slack Notification Plugin missing permission check
CVE-2019-1003034 unknown 4y ago Script security sandbox bypass in Jenkins Job DSL Plugin
CVE-2019-1003035 unknown 4y ago Information disclosure in Azure VM Agents Plugin
CVE-2019-1003038 unknown 4y ago Jenkins Repository Connector Plugin has insufficiently protected credentials
CVE-2019-1003031 unknown 4y ago Script security sandbox bypass in Matrix Project Plugin
CVE-2019-1003037 unknown 4y ago Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin
CVE-2019-10288 unknown 4y ago Jenkins Jabber Server Plugin stores credentials in plain text
CVE-2019-10287 unknown 4y ago Jenkins youtrack-plugin Plugin stored credentials in plain text
CVE-2019-1003033 unknown 4y ago Jenkins Groovy Plugin sandbox bypass vulnerability
CVE-2019-1003032 unknown 4y ago Script security sandbox bypass in Jenkins Email Extension Plugin
CVE-2019-10284 unknown 4y ago Jenkins Diawi Upload Plugin stores credentials in plain text
CVE-2019-10286 unknown 4y ago Jenkins DeployHub Plugin stores credentials in plain text
CVE-2019-10283 unknown 4y ago Jenkins mabl Plugin stores credentials in plain text
CVE-2019-10293 unknown 4y ago Missing permission check in Jenkins Kmap Plugin allow SSRF
CVE-2019-10279 unknown 4y ago Missing permission check in Jenkins jenkins-reviewbot Plugin
CVE-2019-10285 unknown 4y ago Jenkins Minio Storage Plugin stores credentials in plain text
CVE-2019-10299 unknown 4y ago Jenkins CloudCoreo DeployTime Plugin stores credentials in plain text
CVE-2019-10298 unknown 4y ago Jenkins Koji Plugin stores credentials in plain text
CVE-2019-10297 unknown 4y ago Jenkins Sametime Plugin stores credentials in plain text
CVE-2019-10291 unknown 4y ago Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text
CVE-2019-10295 unknown 4y ago Jenkins crittercism-dsym Plugin stores API key in plain text
CVE-2019-10290 unknown 4y ago Missing permission check in Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10281 unknown 4y ago Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text
CVE-2019-10277 unknown 4y ago Jenkins StarTeam Plugin stores credentials in plain text
CVE-2019-10296 unknown 4y ago Jenkins Serena SRA Deploy Plugin stores credentials in plain text
CVE-2019-10294 unknown 4y ago Jenkins Kmap Plugin stores credentials in plain text
CVE-2019-10282 unknown 4y ago Jenkins Klaros-Testmanagement Plugin stores credentials in plain text
CVE-2019-10280 unknown 4y ago Jenkins Assembla Auth Plugin stores credentials in plain text
CVE-2019-3849 unknown 4y ago Moodle Users could elevate their role when accessing the LTI tool on a provider site
CVE-2019-3808 unknown 4y ago Moodle XSS Vulnerability
CVE-2019-7611 unknown 4y ago Improper Access Control in Elasticsearch
CVE-2019-3830 unknown 4y ago A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.
CVE-2019-9185 unknown 4y ago Bolt Unrestricted Upload of File with Dangerous Type
CVE-2019-9115 unknown 4y ago irisnet-crypto RCE Vulnerability
CVE-2019-5919 unknown 4y ago Nablarch Incomplete Cryptography
CVE-2019-10643 unknown 4y ago Contao Does Not Expire Tokens Correctly
CVE-2019-10844 unknown 4y ago nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.
CVE-2019-1000013 unknown 4y ago Hex authenticity of signed packages not validated
CVE-2019-9735 unknown 4y ago An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security…
CVE-2019-10876 unknown 4y ago An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated us…
CVE-2019-5884 unknown 4y ago Sensitive Data Exposure in elFinder
CVE-2019-6257 unknown 4y ago elFinder Server Side Request Forgery (SSRF)
CVE-2019-1003003 unknown 4y ago Improper Authorization in Jenkins Core
CVE-2019-3848 unknown 4y ago Moodle Logged in users could view all calendar events
CVE-2019-1003004 unknown 4y ago Improper Authorization in Jenkins Core
CVE-2019-3847 unknown 4y ago Moodle XSS Vulnerability
CVE-2019-0204 unknown 4y ago Docker image code execution with Apache Mesos
CVE-2019-6287 unknown 4y ago Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher
CVE-2019-25060 unknown 4y ago Improper Access Control in wp-graphql
CVE-2019-15160 unknown 4y ago Inline DTD allows XML bomb attack