CVEs from 2019

3,176 normalized CVEs published or assigned in this year.

Total

3,176

critical

critical 231

high

high 484

medium

medium 482

low

low 94

% Critical

7.3%

% with KEV

3.7%

% with exploit

7.9%

Top vendors

Top packages

critical high medium low unknown

KEV Has exploit

Reset

CVE	Severity	CVSS	Risk	Published	Description
CVE-2019-11818	unknown	—	—	4y ago	Alkacon OpenCMS XSS via New User module
CVE-2019-0233	unknown	—	—	4y ago	Improper Preservation of Permissions in Apache Struts
CVE-2019-17564	unknown	—	—	4y ago	Deserialization of Untrusted Data in Apache Dubbo
CVE-2019-17561	unknown	—	—	4y ago	Improper Verification of Cryptographic Signature in Apache Netbeans
CVE-2019-20526	unknown	—	—	4y ago	Ignite Realtime Openfire allows Cross-site Scripting
CVE-2019-20525	unknown	—	—	4y ago	Ignite Realtime Openfire allows Cross-site Scripting
CVE-2019-20528	unknown	—	—	4y ago	Ignite Realtime Openfire allows Cross-site Scripting
CVE-2019-14888	unknown	—	—	4y ago	Undertow vulnerable to Uncontrolled Resource Consumption
CVE-2019-14837	unknown	—	—	4y ago	keycloak vulnerable to unauthorized login via mail server setup
CVE-2019-6035	unknown	—	—	4y ago	Athenz vulnerable to Open Redirect
CVE-2019-16574	unknown	—	—	4y ago	Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
CVE-2019-16575	unknown	—	—	4y ago	Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
CVE-2019-16572	unknown	—	—	4y ago	Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
CVE-2019-16576	unknown	—	—	4y ago	Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin
CVE-2019-16566	unknown	—	—	4y ago	Jenkins Team Concert Plugin missing permission check
CVE-2019-16563	unknown	—	—	4y ago	Cross site scripting in Jenkins Mission Control Plugin
CVE-2019-16569	unknown	—	—	4y ago	CSRF vulnerability in Jenkins Mantis Plugin
CVE-2019-16567	unknown	—	—	4y ago	Jenkins Team Concert Plugin missing permission check
CVE-2019-16570	unknown	—	—	4y ago	Jenkins RapidDeploy Plugin Cross-Site Request Forgery plugin
CVE-2019-16571	unknown	—	—	4y ago	Jenkins RapidDeploy Plugin missing permission check
CVE-2019-16568	unknown	—	—	4y ago	Jenkins SCTMExecutor Plugin stores credentials in plain text
CVE-2019-16573	unknown	—	—	4y ago	Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
CVE-2019-16564	unknown	—	—	4y ago	Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability
CVE-2019-16556	unknown	—	—	4y ago	Jenkins Rundeck Plugin stored credentials in plain text
CVE-2019-16562	unknown	—	—	4y ago	Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting
CVE-2019-16555	unknown	—	—	4y ago	Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
CVE-2019-16559	unknown	—	—	4y ago	Jenkins WebSphere Deployer Plugin missing permission check
CVE-2019-16561	unknown	—	—	4y ago	SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin
CVE-2019-16560	unknown	—	—	4y ago	Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin
CVE-2019-16565	unknown	—	—	4y ago	Jenkins Team Concert Plugin cross-site request forgery vulnerability
CVE-2019-16557	unknown	—	—	4y ago	Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
CVE-2019-16558	unknown	—	—	4y ago	Improper Certificate Validation in Jenkins Spira Importer Plugin
CVE-2019-16554	unknown	—	—	4y ago	Missing permission check in Jenkins Build Failure Analyzer Plugin
CVE-2019-16552	unknown	—	—	4y ago	Missing permission check in Jenkins Gerrit Trigger Plugin
CVE-2019-16551	unknown	—	—	4y ago	Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin
CVE-2019-16549	unknown	—	—	4y ago	Jenkins Maven Release Plug-in Plugin XXE vulnerability
CVE-2019-16553	unknown	—	—	4y ago	Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
CVE-2019-16550	unknown	—	—	4y ago	Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
CVE-2019-19687	unknown	—	—	4y ago	OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor…
CVE-2019-14910	unknown	—	—	4y ago	Keycloak Authentication Error
CVE-2019-14909	unknown	—	—	4y ago	Keycloak Authentication Error
CVE-2019-10174	unknown	—	—	4y ago	Use of Externally-Controlled Input to Select Classes or Code in Infinispan
CVE-2019-16546	unknown	—	—	4y ago	Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
CVE-2019-16545	unknown	—	—	4y ago	Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
CVE-2019-16544	unknown	—	—	4y ago	Jenkins QMetry for JIRA Plugin stored credentials in plain text
CVE-2019-16540	unknown	—	—	4y ago	Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files
CVE-2019-16543	unknown	—	—	4y ago	Plaintext Storage in Jenkins Spira Importer Plugin
CVE-2019-16548	unknown	—	—	4y ago	Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability
CVE-2019-16547	unknown	—	—	4y ago	Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
CVE-2019-16539	unknown	—	—	4y ago	Missing permission check in Jenkins Support Core Plugin
CVE-2019-16538	unknown	—	—	4y ago	Incorrect Authorization in Jenkins Script Security Plugin
CVE-2019-16541	unknown	—	—	4y ago	Jenkins JIRA Plugin allows users to select and use credentials with System scope
CVE-2019-16542	unknown	—	—	4y ago	Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-7619	unknown	—	—	4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
CVE-2019-0205	unknown	—	—	4y ago	Loop with Unreachable Exit Condition in Apache Thrift
CVE-2019-18393	unknown	—	—	4y ago	Ignite Realtime Openfire directory traversal vulnerability
CVE-2019-18394	unknown	—	—	4y ago	Ignite Realtime Openfire vulnerable to Server Side Request Forgery
CVE-2019-12415	unknown	—	—	4y ago	Improper Restriction of XML External Entity Reference in Apache POI
CVE-2019-10461	unknown	—	—	4y ago	Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10472	unknown	—	—	4y ago	Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions
CVE-2019-10476	unknown	—	—	4y ago	Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10473	unknown	—	—	4y ago	Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration
CVE-2019-10465	unknown	—	—	4y ago	Jenkins Deploy WebLogic Plugin missing permission check
CVE-2019-10460	unknown	—	—	4y ago	Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
CVE-2019-10463	unknown	—	—	4y ago	Jenkins Dynatrace Plugin contains Incorrect Default Permissions
CVE-2019-10471	unknown	—	—	4y ago	Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery
CVE-2019-10470	unknown	—	—	4y ago	Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
CVE-2019-10462	unknown	—	—	4y ago	Jenkins Dynatrace Plugin vulnerable to Cross-Site Request Forgery
CVE-2019-10468	unknown	—	—	4y ago	Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery
CVE-2019-10467	unknown	—	—	4y ago	Jenkins Sonar Gerrit Plugin stores credentials unencrypted
CVE-2019-10464	unknown	—	—	4y ago	Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
CVE-2019-10466	unknown	—	—	4y ago	Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
CVE-2019-10469	unknown	—	—	4y ago	Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization
CVE-2019-10459	unknown	—	—	4y ago	Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
CVE-2019-16530	unknown	—	—	4y ago	Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
CVE-2019-13116	unknown	—	—	4y ago	Mulesoft Mule Unsafe Deserialization
CVE-2019-10458	unknown	—	—	4y ago	Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
CVE-2019-10453	unknown	—	—	4y ago	Jenkins Delphix Plugin vulnerable to Cleartext credential storage
CVE-2019-10455	unknown	—	—	4y ago	Missing permission check in Jenkins Rundeck Plugin
CVE-2019-10450	unknown	—	—	4y ago	Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
CVE-2019-10451	unknown	—	—	4y ago	Jenkins SOASTA CloudTest Plugin stores API token in plain text
CVE-2019-10456	unknown	—	—	4y ago	Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability
CVE-2019-10452	unknown	—	—	4y ago	Jenkins View26 Test-Reporting Plugin stores access token in plain text
CVE-2019-10454	unknown	—	—	4y ago	Jenkins Rundeck Plugin CSRF vulnerability
CVE-2019-10449	unknown	—	—	4y ago	Jenkins Fortify on Demand Plugin stores credentials in plain text
CVE-2019-10457	unknown	—	—	4y ago	Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin
CVE-2019-10442	unknown	—	—	4y ago	Jenkins iceScrum Plugin vulnerable to Missing Authorization
CVE-2019-10441	unknown	—	—	4y ago	Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
CVE-2019-10440	unknown	—	—	4y ago	Jenkins NeoLoad Plugin stores credentials in cleartext
CVE-2019-10439	unknown	—	—	4y ago	Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
CVE-2019-10444	unknown	—	—	4y ago	Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation
CVE-2019-10448	unknown	—	—	4y ago	Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
CVE-2019-10445	unknown	—	—	4y ago	Missing permission checks in Google Kubernetes Engine Jenkins Plugin
CVE-2019-10436	unknown	—	—	4y ago	Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
CVE-2019-10443	unknown	—	—	4y ago	Jenkins iceScrum Plugin stores credentials in Cleartext
CVE-2019-10446	unknown	—	—	4y ago	Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification
CVE-2019-10447	unknown	—	—	4y ago	Jenkins Sofy.AI Plugin stores API token in plain text
CVE-2019-10437	unknown	—	—	4y ago	Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery
CVE-2019-10438	unknown	—	—	4y ago	Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization
CVE-2019-14832	unknown	—	—	4y ago	Keycloak Unauthenticated Access

CVEs from 2019

Top vendors

Top products

Top packages