VIR Vulnerability Intelligence Relay

CVEs from 2019

3,216 normalized CVEs published or assigned in this year.

Total
3,216
critical
critical 204
high
high 479
medium
medium 471
low
low 94
% Critical
6.3%
% with KEV
3.7%
% with exploit
7.8%

Top vendors

Top products

  • u-boot 20
  • active_iq_unified_manager 7
  • jdk 5
  • weblogic_server 5
  • oncommand_workflow_automation 5
  • oncommand_insight 4
  • codeready_linux_builder_eus 4
  • libxslt 4

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-16556 unknown 4y ago Jenkins Rundeck Plugin stored credentials in plain text
CVE-2019-16555 unknown 4y ago Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
CVE-2019-16553 unknown 4y ago Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
CVE-2019-16549 unknown 4y ago Jenkins Maven Release Plug-in Plugin XXE vulnerability
CVE-2019-16551 unknown 4y ago Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin
CVE-2019-16550 unknown 4y ago Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
CVE-2019-16552 unknown 4y ago Missing permission check in Jenkins Gerrit Trigger Plugin
CVE-2019-19687 unknown 4y ago OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor…
CVE-2019-14910 unknown 4y ago Keycloak Authentication Error
CVE-2019-14909 unknown 4y ago Keycloak Authentication Error
CVE-2019-10174 unknown 4y ago Use of Externally-Controlled Input to Select Classes or Code in Infinispan
CVE-2019-16548 unknown 4y ago Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability
CVE-2019-16545 unknown 4y ago Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
CVE-2019-16540 unknown 4y ago Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files
CVE-2019-16543 unknown 4y ago Plaintext Storage in Jenkins Spira Importer Plugin
CVE-2019-16544 unknown 4y ago Jenkins QMetry for JIRA Plugin stored credentials in plain text
CVE-2019-16547 unknown 4y ago Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
CVE-2019-16546 unknown 4y ago Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
CVE-2019-16539 unknown 4y ago Missing permission check in Jenkins Support Core Plugin
CVE-2019-16541 unknown 4y ago Jenkins JIRA Plugin allows users to select and use credentials with System scope
CVE-2019-16538 unknown 4y ago Incorrect Authorization in Jenkins Script Security Plugin
CVE-2019-16542 unknown 4y ago Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-7619 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
CVE-2019-0205 unknown 4y ago Loop with Unreachable Exit Condition in Apache Thrift
CVE-2019-18393 unknown 4y ago Ignite Realtime Openfire directory traversal vulnerability
CVE-2019-18394 unknown 4y ago Ignite Realtime Openfire vulnerable to Server Side Request Forgery
CVE-2019-12415 unknown 4y ago Improper Restriction of XML External Entity Reference in Apache POI
CVE-2019-10476 unknown 4y ago Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10472 unknown 4y ago Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions
CVE-2019-10461 unknown 4y ago Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials
CVE-2019-10470 unknown 4y ago Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
CVE-2019-10462 unknown 4y ago Jenkins Dynatrace Plugin vulnerable to Cross-Site Request Forgery
CVE-2019-10468 unknown 4y ago Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery
CVE-2019-10467 unknown 4y ago Jenkins Sonar Gerrit Plugin stores credentials unencrypted
CVE-2019-10471 unknown 4y ago Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery
CVE-2019-10460 unknown 4y ago Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
CVE-2019-10473 unknown 4y ago Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration
CVE-2019-10463 unknown 4y ago Jenkins Dynatrace Plugin contains Incorrect Default Permissions
CVE-2019-10465 unknown 4y ago Jenkins Deploy WebLogic Plugin missing permission check
CVE-2019-10464 unknown 4y ago Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
CVE-2019-10469 unknown 4y ago Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization
CVE-2019-10466 unknown 4y ago Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
CVE-2019-10459 unknown 4y ago Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
CVE-2019-16530 unknown 4y ago Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
CVE-2019-13116 unknown 4y ago Mulesoft Mule Unsafe Deserialization
CVE-2019-10458 unknown 4y ago Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
CVE-2019-10453 unknown 4y ago Jenkins Delphix Plugin vulnerable to Cleartext credential storage
CVE-2019-10457 unknown 4y ago Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin
CVE-2019-10449 unknown 4y ago Jenkins Fortify on Demand Plugin stores credentials in plain text
CVE-2019-10450 unknown 4y ago Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
CVE-2019-10456 unknown 4y ago Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability
CVE-2019-10454 unknown 4y ago Jenkins Rundeck Plugin CSRF vulnerability
CVE-2019-10452 unknown 4y ago Jenkins View26 Test-Reporting Plugin stores access token in plain text
CVE-2019-10455 unknown 4y ago Missing permission check in Jenkins Rundeck Plugin
CVE-2019-10451 unknown 4y ago Jenkins SOASTA CloudTest Plugin stores API token in plain text
CVE-2019-10446 unknown 4y ago Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification
CVE-2019-10436 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
CVE-2019-10447 unknown 4y ago Jenkins Sofy.AI Plugin stores API token in plain text
CVE-2019-10444 unknown 4y ago Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation
CVE-2019-10442 unknown 4y ago Jenkins iceScrum Plugin vulnerable to Missing Authorization
CVE-2019-10443 unknown 4y ago Jenkins iceScrum Plugin stores credentials in Cleartext
CVE-2019-10440 unknown 4y ago Jenkins NeoLoad Plugin stores credentials in cleartext
CVE-2019-10445 unknown 4y ago Missing permission checks in Google Kubernetes Engine Jenkins Plugin
CVE-2019-10441 unknown 4y ago Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
CVE-2019-10439 unknown 4y ago Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
CVE-2019-10448 unknown 4y ago Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
CVE-2019-10437 unknown 4y ago Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery
CVE-2019-10438 unknown 4y ago Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization
CVE-2019-14832 unknown 4y ago Keycloak Unauthenticated Access
CVE-2019-14838 unknown 4y ago Wildfly Authorization Misconfiguration
CVE-2019-16891 unknown 4y ago Liferay Portal Allows RCE via Deserialization of a JSON Payload
CVE-2019-17091 unknown 4y ago Cross-site Scripting in Eclipse Mojarra
CVE-2019-10435 unknown 4y ago Jenkins SourceGear Vault plugin transmits credentials in plain text
CVE-2019-10431 unknown 4y ago Improper Control of Generation of Code in Jenkins Script Security Plugin
CVE-2019-10434 unknown 4y ago Jenkins LDAP Email Plugin shows plain text password in configuration form
CVE-2019-0231 unknown 4y ago Cleartext Transmission of Sensitive Information in Apache MINA
CVE-2019-10433 unknown 4y ago DingTalk Plugin stores credentials in plain text
CVE-2019-10202 unknown 4y ago Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
CVE-2019-10432 unknown 4y ago Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting
CVE-2019-10424 unknown 4y ago Jenkins elOyente Plugin has Insufficiently Protected Credentials
CVE-2019-10425 unknown 4y ago Jenkins Google Calendar Plugin has Insufficiently Protected Credentials
CVE-2019-10423 unknown 4y ago Jenkins CodeScan Plugin has Insufficiently Protected Credentials
CVE-2019-10415 unknown 4y ago Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
CVE-2019-10414 unknown 4y ago Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
CVE-2019-10421 unknown 4y ago Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials
CVE-2019-10422 unknown 4y ago Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials
CVE-2019-10420 unknown 4y ago Jenkins Assembla Plugin has Insufficiently Protected Credentials
CVE-2019-10419 unknown 4y ago Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials
CVE-2019-10416 unknown 4y ago Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
CVE-2019-10417 unknown 4y ago Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
CVE-2019-10418 unknown 4y ago Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
CVE-2019-10409 unknown 4y ago Missing permission check in Jenkins Project Inheritance Plugin
CVE-2019-10410 unknown 4y ago Jenkins Log Parser Plugin vulnerable to Cross-site Scripting
CVE-2019-10408 unknown 4y ago Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery
CVE-2019-10411 unknown 4y ago Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
CVE-2019-10412 unknown 4y ago Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
CVE-2019-10413 unknown 4y ago Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
CVE-2019-10754 unknown 4y ago Use of Insufficiently Random Values in Apereo CAS
CVE-2019-12407 unknown 4y ago Cross-site Scripting in Apache JSPWiki
CVE-2019-16370 unknown 4y ago Use of a weak cryptographic algorithm in Gradle