CVEs from 2019

3,162 normalized CVEs published or assigned in this year.

Total

3,162

critical

critical 238

high

high 485

medium

medium 485

low

low 94

% Critical

7.5%

% with KEV

3.7%

% with exploit

8.0%

Top vendors

Top packages

critical high medium low unknown

KEV Has exploit

Reset

CVE	Severity	CVSS	Risk	Published	Description
CVE-2019-16544	unknown	—	—	4y ago	Jenkins QMetry for JIRA Plugin stored credentials in plain text
CVE-2019-16540	unknown	—	—	4y ago	Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files
CVE-2019-16542	unknown	—	—	4y ago	Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-16538	unknown	—	—	4y ago	Incorrect Authorization in Jenkins Script Security Plugin
CVE-2019-16541	unknown	—	—	4y ago	Jenkins JIRA Plugin allows users to select and use credentials with System scope
CVE-2019-16539	unknown	—	—	4y ago	Missing permission check in Jenkins Support Core Plugin
CVE-2019-7619	unknown	—	—	4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
CVE-2019-0205	unknown	—	—	4y ago	Loop with Unreachable Exit Condition in Apache Thrift
CVE-2019-18393	unknown	—	—	4y ago	Ignite Realtime Openfire directory traversal vulnerability
CVE-2019-18394	unknown	—	—	4y ago	Ignite Realtime Openfire vulnerable to Server Side Request Forgery
CVE-2019-12415	unknown	—	—	4y ago	Improper Restriction of XML External Entity Reference in Apache POI
CVE-2019-10472	unknown	—	—	4y ago	Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions
CVE-2019-10461	unknown	—	—	4y ago	Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10476	unknown	—	—	4y ago	Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10470	unknown	—	—	4y ago	Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
CVE-2019-10465	unknown	—	—	4y ago	Jenkins Deploy WebLogic Plugin missing permission check
CVE-2019-10460	unknown	—	—	4y ago	Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
CVE-2019-10471	unknown	—	—	4y ago	Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery
CVE-2019-10468	unknown	—	—	4y ago	Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery
CVE-2019-10473	unknown	—	—	4y ago	Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration
CVE-2019-10467	unknown	—	—	4y ago	Jenkins Sonar Gerrit Plugin stores credentials unencrypted
CVE-2019-10464	unknown	—	—	4y ago	Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
CVE-2019-10462	unknown	—	—	4y ago	Jenkins Dynatrace Plugin vulnerable to Cross-Site Request Forgery
CVE-2019-10463	unknown	—	—	4y ago	Jenkins Dynatrace Plugin contains Incorrect Default Permissions
CVE-2019-10466	unknown	—	—	4y ago	Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
CVE-2019-10469	unknown	—	—	4y ago	Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization
CVE-2019-10459	unknown	—	—	4y ago	Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
CVE-2019-16530	unknown	—	—	4y ago	Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
CVE-2019-13116	unknown	—	—	4y ago	Mulesoft Mule Unsafe Deserialization
CVE-2019-10458	unknown	—	—	4y ago	Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
CVE-2019-10457	unknown	—	—	4y ago	Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin
CVE-2019-10456	unknown	—	—	4y ago	Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability
CVE-2019-10453	unknown	—	—	4y ago	Jenkins Delphix Plugin vulnerable to Cleartext credential storage
CVE-2019-10454	unknown	—	—	4y ago	Jenkins Rundeck Plugin CSRF vulnerability
CVE-2019-10449	unknown	—	—	4y ago	Jenkins Fortify on Demand Plugin stores credentials in plain text
CVE-2019-10451	unknown	—	—	4y ago	Jenkins SOASTA CloudTest Plugin stores API token in plain text
CVE-2019-10455	unknown	—	—	4y ago	Missing permission check in Jenkins Rundeck Plugin
CVE-2019-10450	unknown	—	—	4y ago	Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
CVE-2019-10452	unknown	—	—	4y ago	Jenkins View26 Test-Reporting Plugin stores access token in plain text
CVE-2019-10444	unknown	—	—	4y ago	Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation
CVE-2019-10436	unknown	—	—	4y ago	Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
CVE-2019-10443	unknown	—	—	4y ago	Jenkins iceScrum Plugin stores credentials in Cleartext
CVE-2019-10447	unknown	—	—	4y ago	Jenkins Sofy.AI Plugin stores API token in plain text
CVE-2019-10446	unknown	—	—	4y ago	Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification
CVE-2019-10445	unknown	—	—	4y ago	Missing permission checks in Google Kubernetes Engine Jenkins Plugin
CVE-2019-10448	unknown	—	—	4y ago	Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
CVE-2019-10441	unknown	—	—	4y ago	Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
CVE-2019-10440	unknown	—	—	4y ago	Jenkins NeoLoad Plugin stores credentials in cleartext
CVE-2019-10442	unknown	—	—	4y ago	Jenkins iceScrum Plugin vulnerable to Missing Authorization
CVE-2019-10439	unknown	—	—	4y ago	Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
CVE-2019-10438	unknown	—	—	4y ago	Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization
CVE-2019-10437	unknown	—	—	4y ago	Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery
CVE-2019-14832	unknown	—	—	4y ago	Keycloak Unauthenticated Access
CVE-2019-14838	unknown	—	—	4y ago	Wildfly Authorization Misconfiguration
CVE-2019-16891	unknown	—	—	4y ago	Liferay Portal Allows RCE via Deserialization of a JSON Payload
CVE-2019-17091	unknown	—	—	4y ago	Cross-site Scripting in Eclipse Mojarra
CVE-2019-10431	unknown	—	—	4y ago	Improper Control of Generation of Code in Jenkins Script Security Plugin
CVE-2019-10202	unknown	—	—	4y ago	Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
CVE-2019-10433	unknown	—	—	4y ago	DingTalk Plugin stores credentials in plain text
CVE-2019-10435	unknown	—	—	4y ago	Jenkins SourceGear Vault plugin transmits credentials in plain text
CVE-2019-10434	unknown	—	—	4y ago	Jenkins LDAP Email Plugin shows plain text password in configuration form
CVE-2019-10432	unknown	—	—	4y ago	Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting
CVE-2019-0231	unknown	—	—	4y ago	Cleartext Transmission of Sensitive Information in Apache MINA
CVE-2019-10424	unknown	—	—	4y ago	Jenkins elOyente Plugin has Insufficiently Protected Credentials
CVE-2019-10425	unknown	—	—	4y ago	Jenkins Google Calendar Plugin has Insufficiently Protected Credentials
CVE-2019-10417	unknown	—	—	4y ago	Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
CVE-2019-10423	unknown	—	—	4y ago	Jenkins CodeScan Plugin has Insufficiently Protected Credentials
CVE-2019-10415	unknown	—	—	4y ago	Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
CVE-2019-10421	unknown	—	—	4y ago	Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials
CVE-2019-10419	unknown	—	—	4y ago	Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials
CVE-2019-10416	unknown	—	—	4y ago	Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
CVE-2019-10422	unknown	—	—	4y ago	Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials
CVE-2019-10414	unknown	—	—	4y ago	Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
CVE-2019-10420	unknown	—	—	4y ago	Jenkins Assembla Plugin has Insufficiently Protected Credentials
CVE-2019-10418	unknown	—	—	4y ago	Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
CVE-2019-10410	unknown	—	—	4y ago	Jenkins Log Parser Plugin vulnerable to Cross-site Scripting
CVE-2019-10413	unknown	—	—	4y ago	Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
CVE-2019-10411	unknown	—	—	4y ago	Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
CVE-2019-10408	unknown	—	—	4y ago	Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery
CVE-2019-10412	unknown	—	—	4y ago	Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
CVE-2019-10409	unknown	—	—	4y ago	Missing permission check in Jenkins Project Inheritance Plugin
CVE-2019-10754	unknown	—	—	4y ago	Use of Insufficiently Random Values in Apereo CAS
CVE-2019-12407	unknown	—	—	4y ago	Cross-site Scripting in Apache JSPWiki
CVE-2019-16370	unknown	—	—	4y ago	Use of a weak cryptographic algorithm in Gradle
CVE-2019-10398	unknown	—	—	4y ago	Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
CVE-2019-10397	unknown	—	—	4y ago	Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
CVE-2019-10395	unknown	—	—	4y ago	Jenkins Build Environment Plugin vulnerable to Cross-site Scripting
CVE-2019-10394	unknown	—	—	4y ago	Sandbox bypass vulnerability in Jenkins Script Security Plugin
CVE-2019-10399	unknown	—	—	4y ago	Sandbox bypass vulnerability in Jenkins Script Security Plugin
CVE-2019-10396	unknown	—	—	4y ago	Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting
CVE-2019-10400	unknown	—	—	4y ago	Sandbox bypass vulnerability in Jenkins Script Security Plugin
CVE-2019-10392	unknown	—	—	4y ago	Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
CVE-2019-10393	unknown	—	—	4y ago	Sandbox bypass vulnerability in Script Security Plugin
CVE-2019-16147	unknown	—	—	4y ago	Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via a Journal Article Title
CVE-2019-15630	unknown	—	—	4y ago	Mule modules contain Directory Traversal
CVE-2019-10391	unknown	—	—	4y ago	Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields
CVE-2019-10390	unknown	—	—	4y ago	Jenkins Splunk Plugin Sandbox Bypass
CVE-2019-15563	unknown	—	—	4y ago	OHDSI WebAPI vulnerable to SQL Injection
CVE-2019-14433	unknown	—	—	4y ago	An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external excepti…
CVE-2019-10388	unknown	—	—	4y ago	Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery

CVEs from 2019

Top vendors

Top products

Top packages