CVEs from 2019

3,216 normalized CVEs published or assigned in this year.

  • Total: 3,216
  • Critical: 204
  • High: 479
  • Medium: 471
  • Low: 94
  • % Critical: 6.3%
  • % with KEV: 3.7%
  • % with exploit: 7.8%

Top products

  • u-boot 20
  • active_iq_unified_manager 7
  • jdk 5
  • weblogic_server 5
  • oncommand_workflow_automation 5
  • oncommand_insight 4
  • codeready_linux_builder_eus 4
  • libxslt 4
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-10400 unknown 4y ago Sandbox bypass vulnerability in Jenkins Script Security Plugin
CVE-2019-10392 unknown 4y ago Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
CVE-2019-10393 unknown 4y ago Sandbox bypass vulnerability in Script Security Plugin
CVE-2019-16147 unknown 4y ago Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via a Journal Article Title
CVE-2019-15630 unknown 4y ago Mule modules contain Directory Traversal
CVE-2019-10391 unknown 4y ago Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields
CVE-2019-10390 unknown 4y ago Jenkins Splunk Plugin Sandbox Bypass
CVE-2019-15563 unknown 4y ago OHDSI WebAPI vulnerable to SQL Injection
CVE-2019-14433 unknown 4y ago An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external excepti…
CVE-2019-10388 unknown 4y ago Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery
CVE-2019-10380 unknown 4y ago Jenkins Simple Travis Pipeline Runner Plugin script sandbox bypass vulnerability
CVE-2019-10378 unknown 4y ago Jenkins TestLink Plugin stores credentials in plain text
CVE-2019-10385 unknown 4y ago Jenkins eggplant-plugin Plugin stores credentials in plain text
CVE-2019-10373 unknown 4y ago Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting
CVE-2019-10379 unknown 4y ago Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text
CVE-2019-10382 unknown 4y ago Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation
CVE-2019-10386 unknown 4y ago Cross-site request forgery vulnerability in Jenkins XL TestView Plugin
CVE-2019-10389 unknown 4y ago Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin
CVE-2019-10387 unknown 4y ago Missing permission check in Jenkins XL TestView Plugin
CVE-2019-10371 unknown 4y ago Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation
CVE-2019-10375 unknown 4y ago Arbitrary file read vulnerability in Jenkins File System SCM Plugin
CVE-2019-10368 unknown 4y ago Jenkins JClouds Plugin cross-site request forgery vulnerability
CVE-2019-10372 unknown 4y ago Jenkins Gitlab Authentication Plugin Open Redirect vulnerability
CVE-2019-10377 unknown 4y ago Missing permission check in Jenkins Avatar Plugin
CVE-2019-10369 unknown 4y ago Jenkins JClouds Plugin missing permission check
CVE-2019-10374 unknown 4y ago Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability
CVE-2019-10376 unknown 4y ago Jenkins Wall Display Plugin Cross-site Scripting vulnerability
CVE-2019-10370 unknown 4y ago Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
CVE-2019-10381 unknown 4y ago Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability
CVE-2019-10367 unknown 4y ago Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
CVE-2019-10366 unknown 4y ago Skytap Cloud CI Plugin stored credentials in plain text
CVE-2019-10362 unknown 4y ago Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin
CVE-2019-10361 unknown 4y ago Jenkins Maven Release Plug-in Plugin stored credentials in plain text
CVE-2019-10360 unknown 4y ago Jenkins Maven Release Plugin vulnerable to Cross-site Scripting
CVE-2019-10363 unknown 4y ago Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
CVE-2019-10364 unknown 4y ago Jenkins Amazon EC2 Plugin leaked beginning of private key in system log
CVE-2019-10365 unknown 4y ago Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere
CVE-2019-10357 unknown 4y ago Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin
CVE-2019-10358 unknown 4y ago Maven Integration Plugin did not mask sensitive values in module build logs
CVE-2019-10344 unknown 4y ago Missing Authorization in Jenkins Configuration as Code Plugin
CVE-2019-10355 unknown 4y ago Incorrect Privilege Assignment in Jenkins Script Security Plugin
CVE-2019-10343 unknown 4y ago Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
CVE-2019-10359 unknown 4y ago Jenkins Maven Release Plugin contains Cross-Site Request Forgery vulnerability
CVE-2019-10356 unknown 4y ago Return of Pointer Value Outside of Expected Range in Jenkins Script Security Plugin
CVE-2019-10345 unknown 4y ago Plaintext Storage of a Password in Jenkins Configuration as Code Plugin
CVE-2019-7614 unknown 4y ago Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch
CVE-2019-14271 unknown 4y ago In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the conten…
CVE-2019-0202 unknown 4y ago Exposure of Sensitive Information in Apache Storm Logviewer
CVE-2019-1010241 unknown 4y ago Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format
CVE-2019-13509 unknown 4y ago In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a…
CVE-2019-10351 unknown 4y ago Jenkins Caliper CI Plugin stores credentials in plain text
CVE-2019-10342 unknown 4y ago Missing permission check in Jenkins Docker Plugin
CVE-2019-10348 unknown 4y ago Jenkins Gogs Plugin stored credentials in plain text
CVE-2019-10350 unknown 4y ago Jenkins Port Allocator Plugin stores credentials in plain text
CVE-2019-10340 unknown 4y ago Jenkins Docker Plugin contains Cross-Site Request Forgery
CVE-2019-10346 unknown 4y ago Jenkins Embeddable Build Status Plugin contains Cross-site Scripting
CVE-2019-10347 unknown 4y ago Stored credentials unencrypted in Jenkins Mashup Portlets Plugin
CVE-2019-10341 unknown 4y ago Missing permission check in Jenkins Docker Plugin
CVE-2019-10335 unknown 4y ago Jenkins ElectricFlow Plugin is vulnerable to stored cross site scripting vulnerability
CVE-2019-10331 unknown 4y ago Jenkins ElectricFlow Plugin cross-site request forgery vulnerability
CVE-2019-10333 unknown 4y ago Jenkins ElectricFlow Plugin Missing permission checks
CVE-2019-10337 unknown 4y ago Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin
CVE-2019-10339 unknown 4y ago Jenkins JX Resources Plugin missing permission check
CVE-2019-10336 unknown 4y ago Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability
CVE-2019-10334 unknown 4y ago Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2019-10332 unknown 4y ago Jenkins ElectricFlow Plugin missing permission check
CVE-2019-10338 unknown 4y ago Jenkins JX Resources Plugin cross-site request forgery vulnerability
CVE-2019-12728 unknown 4y ago Incorrect Resource Transfer Between Spheres in Grails
CVE-2019-11841 unknown 4y ago A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 488…
CVE-2019-10320 unknown 4y ago Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin
CVE-2019-0226 unknown 4y ago Apache Karaf vulnerable to relative path traversal
CVE-2019-11819 unknown 4y ago Alkacon OpenCMS CSV Injection via New User module
CVE-2019-10249 unknown 4y ago Potentially compromised builds
CVE-2019-10318 unknown 4y ago Jenkins Azure AD Plugin stored the client secret unencrypted
CVE-2019-10314 unknown 4y ago Jenkins Koji Plugin globally and unconditionally disables SSL/TLS certificate validation
CVE-2019-10315 unknown 4y ago Jenkins GitHub Authentication Plugin Cross-Site Request Forgery vulnerability
CVE-2019-10311 unknown 4y ago Jenkins Ansible Tower Plugin missing permission check
CVE-2019-10310 unknown 4y ago Jenkins Ansible Tower Plugin cross-site request forgery vulnerability
CVE-2019-10308 unknown 4y ago Missing permission check in Jenkins Static Analysis Utilities Plugin
CVE-2019-10313 unknown 4y ago Jenkins Twitter Plugin stores credentials in plain text
CVE-2019-10316 unknown 4y ago Jenkins Aqua MicroScanner Plugin stored credentials in plain text
CVE-2019-10312 unknown 4y ago Missing permission check in Jenkins Ansible Tower Plugin
CVE-2019-10307 unknown 4y ago Jenkins Static Analysis Utilities Plugin is vulnerable to Cross-site request forgery vulnerability
CVE-2019-10309 unknown 4y ago Jenkins Self-Organizing Swarm Plug-in Modules Plugin XXE vulnerability via UDP broadcast response
CVE-2019-10248 unknown 4y ago Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
CVE-2019-11405 unknown 4y ago OpenAPI Tools OpenAPI Generator uses HTTP in various files
CVE-2019-10306 unknown 4y ago Sandbox bypass in ontrack Jenkins Plugin
CVE-2019-10301 unknown 4y ago Jenkins GitLab Plugin missing permission checks
CVE-2019-10304 unknown 4y ago Jenkins XebiaLabs XL Deploy Plugin vulnerable to Cross-site request forgery (CSRF)
CVE-2019-10303 unknown 4y ago Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text
CVE-2019-10302 unknown 4y ago Jenkins jira-ext Plugin stores credentials unencrypted
CVE-2019-10300 unknown 4y ago Jenkins GitLab Plugin Cross-Site Request Forgery vulnerability
CVE-2019-10305 unknown 4y ago Missing permission check in Jenkins XebiaLabs XL Deploy Plugin
CVE-2019-5312 unknown 4y ago XML External Entity Reference in weixin-java-tools
CVE-2019-7722 unknown 4y ago Improper Restriction of XML External Entity Reference in PMD
CVE-2019-1003010 unknown 4y ago Cross-Site Request Forgery in Jenkins Git Plugin
CVE-2019-1003018 unknown 4y ago GitHub Authentication Plugin showed plain text client secret in configuration form
CVE-2019-1003015 unknown 4y ago XXE vulnerability in Jenkins Job Import Plugin
CVE-2019-1003007 unknown 4y ago Sandbox Bypass via CSRF in Jenkins Warnings Plugin
CVE-2019-1003008 unknown 4y ago Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability