CVEs from 2019
- Total: 3,202
- Critical: 204
- High: 479
- Medium: 471
- Low: 94
- % Critical: 6.4%
- % with KEV: 3.7%
- % with exploit: 7.9%

Top products
- u-boot 20
- active_iq_unified_manager 7
- jdk 5
- weblogic_server 5
- oncommand_workflow_automation 5
- oncommand_insight 4
- codeready_linux_builder_eus 4
- libxslt 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10306 | unknown | — | — | 4y ago | Sandbox bypass in ontrack Jenkins Plugin | |||
| CVE-2019-10305 | unknown | — | — | 4y ago | Missing permission check in Jenkins XebiaLabs XL Deploy Plugin | |||
| CVE-2019-10304 | unknown | — | — | 4y ago | Jenkins XebiaLabs XL Deploy Plugin vulnerable to Cross-site request forgery (CSRF) | |||
| CVE-2019-10303 | unknown | — | — | 4y ago | Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text | |||
| CVE-2019-10300 | unknown | — | — | 4y ago | Jenkins GitLab Plugin Cross-Site Request Forgery vulnerability | |||
| CVE-2019-10302 | unknown | — | — | 4y ago | Jenkins jira-ext Plugin stores credentials unencrypted | |||
| CVE-2019-10301 | unknown | — | — | 4y ago | Jenkins GitLab Plugin missing permission checks | |||
| CVE-2019-5312 | unknown | — | — | 4y ago | XML External Entity Reference in weixin-java-tools | |||
| CVE-2019-7722 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in PMD | |||
| CVE-2019-1003010 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Git Plugin | |||
| CVE-2019-1003007 | unknown | — | — | 4y ago | Sandbox Bypass via CSRF in Jenkins Warnings Plugin | |||
| CVE-2019-1003014 | unknown | — | — | 4y ago | Jenkins Config File Provider Plugin XSS vulnerability | |||
| CVE-2019-1003012 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Blue Ocean Plugin | |||
| CVE-2019-1003008 | unknown | — | — | 4y ago | Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability | |||
| CVE-2019-1003015 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Job Import Plugin | |||
| CVE-2019-1003018 | unknown | — | — | 4y ago | GitHub Authentication Plugin showed plain text client secret in configuration form | |||
| CVE-2019-1003013 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Blue Ocean Plugin | |||
| CVE-2019-1003009 | unknown | — | — | 4y ago | Jenkins Active Directory Plugin Improper certificate validation with StartTLS | |||
| CVE-2019-1003020 | unknown | — | — | 4y ago | Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF) | |||
| CVE-2019-1003016 | unknown | — | — | 4y ago | Jenkins Job Import Plugin vulnerable to exposure of sensitive information | |||
| CVE-2019-1003027 | unknown | — | — | 4y ago | SSRF vulnerability due to missing permission check in Jenkins OctopusDeploy Plugin | |||
| CVE-2019-1003022 | unknown | — | — | 4y ago | Jenkins Monitoring Plugin vulnerable to Denial of service vulnerability | |||
| CVE-2019-1003019 | unknown | — | — | 4y ago | GitHub Authentication Plugin session fixation vulnerability | |||
| CVE-2019-1003026 | unknown | — | — | 4y ago | Jenkins Mattermost Notification Plugin vulnerable to SSRF | |||
| CVE-2019-1003021 | unknown | — | — | 4y ago | Jenkins OpenId Connect Authentication Plugin showed plain text client secret in configuration form | |||
| CVE-2019-1003023 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins Warnings Next Generation Plugin | |||
| CVE-2019-1003017 | unknown | — | — | 4y ago | Jenkins Job Import Plugin CSRF vulnerability | |||
| CVE-2019-10292 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Nomad Plugin allow SSRF | |||
| CVE-2019-10289 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Netsparker Enterprise Scan Plugin | |||
| CVE-2019-1003028 | unknown | — | — | 4y ago | SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin | |||
| CVE-2019-10278 | unknown | — | — | 4y ago | CSRF vulnerability in jenkins-reviewbot Plugin | |||
| CVE-2019-1003058 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins FTP publisher Plugin | |||
| CVE-2019-1003044 | unknown | — | — | 4y ago | Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2019-1003076 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Audit to Database Plugin | |||
| CVE-2019-1003042 | unknown | — | — | 4y ago | Jenkins Lockable Resources Plugin XSS vulnerability | |||
| CVE-2019-1003078 | unknown | — | — | 4y ago | Jenkins VMware Lab Manager Slaves Plugin vulnerable CSRF vulnerability | |||
| CVE-2019-1003080 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins OpenShift Deployer Plugin | |||
| CVE-2019-1003046 | unknown | — | — | 4y ago | Jenkins Fortify on Demand Uploader Plugin CSRF vulnerability | |||
| CVE-2019-1003082 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Gearman Plugin | |||
| CVE-2019-1003084 | unknown | — | — | 4y ago | CSRF vulnerability in Zephyr Enterprise Test Management Plugin | |||
| CVE-2019-1003086 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins sinatra-chef-builder Plugin | |||
| CVE-2019-1003098 | unknown | — | — | 4y ago | Jenkins OpenID Plugin CSRF vulnerability | |||
| CVE-2019-1003092 | unknown | — | — | 4y ago | Cross-site request forgery vulnerability in Jenkins Nomad Plugin | |||
| CVE-2019-1003091 | unknown | — | — | 4y ago | Missing permission check in Jenkins SOASTA CloudTest Plugin | |||
| CVE-2019-1003093 | unknown | — | — | 4y ago | Jenkins Nomad Plugin missing permission check | |||
| CVE-2019-1003087 | unknown | — | — | 4y ago | Missing permission check in Jenkins sinatra-chef-builder Plugin | |||
| CVE-2019-1003085 | unknown | — | — | 4y ago | Jenkins Zephyr Enterprise Test Management Plugin missing permission check | |||
| CVE-2019-1003097 | unknown | — | — | 4y ago | Jenkins Crowd Integration Plugin stores credentials in plain text | |||
| CVE-2019-1003083 | unknown | — | — | 4y ago | Missing permission check in Jenkins Gearman Plugin | |||
| CVE-2019-1003081 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins OpenShift Deployer Plugin | |||
| CVE-2019-1003079 | unknown | — | — | 4y ago | Missing permission check in Jenkins VMware Lab Manager Slaves Plugin | |||
| CVE-2019-1003099 | unknown | — | — | 4y ago | Jenkins openid Plugin missing permission check | |||
| CVE-2019-1003096 | unknown | — | — | 4y ago | Jenkins TestFairy Plugin stores credentials in plain text | |||
| CVE-2019-6986 | unknown | — | — | 4y ago | Command Injection in VIVO Vitro | |||
| CVE-2019-11065 | unknown | — | — | 4y ago | Insecure transport protocol in Gradle | |||
| CVE-2019-1003052 | unknown | — | — | 4y ago | Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003051 | unknown | — | — | 4y ago | Jenkins IRC Plugin stores credentials in plain text | |||
| CVE-2019-1003053 | unknown | — | — | 4y ago | Jenkins HockeyApp Plugin stores credentials in plain text | |||
| CVE-2019-1003057 | unknown | — | — | 4y ago | Jenkins Bitbucket Approve Plugin stores credentials in plain text | |||
| CVE-2019-1003059 | unknown | — | — | 4y ago | Missing permission check in Jenkins FTP publisher Plugin | |||
| CVE-2019-1003056 | unknown | — | — | 4y ago | Jenkins WebSphere Deployer Plugin stores credentials in plain text | |||
| CVE-2019-1003060 | unknown | — | — | 4y ago | Jenkins OWASP ZAP Plugin stores unencrypted credentials | |||
| CVE-2019-1003064 | unknown | — | — | 4y ago | Jenkins aws-device-farm Plugin stores credentials in plain text | |||
| CVE-2019-1003070 | unknown | — | — | 4y ago | Jenkins veracode-scanner Plugin stores credentials in plain text | |||
| CVE-2019-1003067 | unknown | — | — | 4y ago | Jenkins Trac Publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003054 | unknown | — | — | 4y ago | Jenkins Jira Issue Updater Plugin stores credentials in plain text | |||
| CVE-2019-1003061 | unknown | — | — | 4y ago | Jenkins CloudFormation Plugin stores credentials in plain text | |||
| CVE-2019-1003068 | unknown | — | — | 4y ago | Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data | |||
| CVE-2019-1003069 | unknown | — | — | 4y ago | Jenkins Aqua Security Scanner Plugin stores credentials in plain text | |||
| CVE-2019-1003063 | unknown | — | — | 4y ago | Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text | |||
| CVE-2019-1003055 | unknown | — | — | 4y ago | Jenkins FTP publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003062 | unknown | — | — | 4y ago | Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003066 | unknown | — | — | 4y ago | Jenkins Bugzilla Plugin stores credentials in plain text | |||
| CVE-2019-1003065 | unknown | — | — | 4y ago | Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text | |||
| CVE-2019-1003088 | unknown | — | — | 4y ago | Jenkins Fabric-beta-publisher Plugin stores credentials in plain text | |||
| CVE-2019-1003071 | unknown | — | — | 4y ago | Jenkins Octopus Deploy Plugin stores credentials in plain text | |||
| CVE-2019-1003094 | unknown | — | — | 4y ago | Jenkins Open STF Plugin stores credentials in plain text | |||
| CVE-2019-1003095 | unknown | — | — | 4y ago | Jenkins Perfecto Mobile Plugin stores credentials in plain text | |||
| CVE-2019-1003072 | unknown | — | — | 4y ago | Jenkins wildFly Deployer Plugin stores credentials in plain text | |||
| CVE-2019-1003074 | unknown | — | — | 4y ago | Jenkins hyper.sh Commons Plugin stores credentials in plain text | |||
| CVE-2019-1003075 | unknown | — | — | 4y ago | Jenkins Audit to Database Plugin stores credentials in plain text | |||
| CVE-2019-1003089 | unknown | — | — | 4y ago | Jenkins Upload to pgyer Plugin stores credentials in plain text | |||
| CVE-2019-1003077 | unknown | — | — | 4y ago | Missing permission check in Jenkins Audit to Database Plugin | |||
| CVE-2019-1003073 | unknown | — | — | 4y ago | Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text | |||
| CVE-2019-1003025 | unknown | — | — | 4y ago | Jenkins Cloud Foundry Plugin vulnerable to exposure of sensitive information | |||
| CVE-2019-1003006 | unknown | — | — | 4y ago | Jenkins Groovy Plugin sandbox bypass vulnerability | |||
| CVE-2019-1003024 | unknown | — | — | 4y ago | Jenkins Script Security Plugin sandbox bypass vulnerability | |||
| CVE-2019-1003048 | unknown | — | — | 4y ago | Jenkins PRQA Plugin stored password in plain text | |||
| CVE-2019-1003039 | unknown | — | — | 4y ago | Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials | |||
| CVE-2019-1003040 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2019-1003041 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin | |||
| CVE-2019-1003047 | unknown | — | — | 4y ago | SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin | |||
| CVE-2019-1003045 | unknown | — | — | 4y ago | ECS Publisher Plugin stored and displayed API token in plain text | |||
| CVE-2019-1003036 | unknown | — | — | 4y ago | Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration | |||
| CVE-2019-1003038 | unknown | — | — | 4y ago | Jenkins Repository Connector Plugin has insufficiently protected credentials | |||
| CVE-2019-1003035 | unknown | — | — | 4y ago | Information disclosure in Azure VM Agents Plugin | |||
| CVE-2019-1003037 | unknown | — | — | 4y ago | Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin | |||
| CVE-2019-1003034 | unknown | — | — | 4y ago | Script security sandbox bypass in Jenkins Job DSL Plugin | |||
| CVE-2019-1003031 | unknown | — | — | 4y ago | Script security sandbox bypass in Matrix Project Plugin | |||
| CVE-2019-10288 | unknown | — | — | 4y ago | Jenkins Jabber Server Plugin stores credentials in plain text |