CVEs from 2019

3,193 normalized CVEs published or assigned in this year.

  • Total: 3,193
  • Critical: 204
  • High: 479
  • Medium: 471
  • Low: 94
  • % Critical: 6.4%
  • % with KEV: 3.7%
  • % with exploit: 7.9%

Top vendors

Top products

  • u-boot 20
  • active_iq_unified_manager 7
  • jdk 5
  • weblogic_server 5
  • oncommand_workflow_automation 5
  • oncommand_insight 4
  • codeready_linux_builder_eus 4
  • libxslt 4
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-10909 unknown 7y ago In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th…
CVE-2019-12406 unknown 7y ago Potential DOS attack due to unrestricted attachment count in messages
CVE-2019-12419 unknown 7y ago Potential session hijack in Apache CXF
CVE-2019-10755 unknown 7y ago Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
CVE-2019-11284 unknown 7y ago Insufficiently Protected Credentials in Pivotal Reactor Netty
CVE-2019-17513 unknown 7y ago io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
CVE-2019-17359 unknown 7y ago Out-of-Memory Error in Bouncy Castle Crypto
CVE-2019-17195 unknown 7y ago Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT
CVE-2019-17495 unknown 7y ago Cross-site scripting in Swagger-UI
CVE-2019-17545 unknown 7y ago GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2019-12404 unknown 7y ago Cross-site scripting in Apache JSPWiki
CVE-2019-10089 unknown 7y ago Cross-site scripting in Apache JSPWiki
CVE-2019-10087 unknown 7y ago Cross-site scripting in Apache JSPWiki
CVE-2019-10090 unknown 7y ago Cross-site scripting in Apache JSPWiki
CVE-2019-16869 unknown 7y ago HTTP Request Smuggling in Netty
CVE-2019-12402 unknown 7y ago Denial of Service in Apache Commons Compress
CVE-2019-10071 unknown 7y ago Timing attack on HMAC signature comparison in Apache Tapestry
CVE-2019-16148 unknown 7y ago Cross-site scripting in Sakai
CVE-2019-10199 unknown 7y ago Improper Input Validation and Cross-Site Request Forgery in Keycloak
CVE-2019-10201 unknown 7y ago Improper Verification of Cryptographic Signature in keycloak
CVE-2019-11777 unknown 7y ago Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
CVE-2019-10753 unknown 7y ago Incorrect Resource Transfer Between Spheres in eclipse-wtp
CVE-2019-5475 unknown 7y ago OS Command Injection in Nexus Yum Repository Plugin
CVE-2019-12400 unknown 7y ago Improper input validation in Apache Santuario XML Security for Java
CVE-2019-15477 unknown 7y ago Cross-site Scripting in Jooby
CVE-2019-15488 unknown 7y ago Cross-site Scripting in Ignite Realtime Openfire
CVE-2019-12397 unknown 7y ago Cross-site scripting in Apache Ranger
CVE-2019-10099 unknown 7y ago Sensitive data written to disk unencrypted in Spark
CVE-2019-10088 unknown 7y ago Allocation of Resources Without Limits or Throttling in Apache Tika
CVE-2019-10093 unknown 7y ago Allocation of Resources Without Limits or Throttling in Apache Tika
CVE-2019-10094 unknown 7y ago Allocation of Resources Without Limits or Throttling in Apache Tika
CVE-2019-10184 unknown 7y ago Undertow Missing Authorization when requesting a protected directory without trailing slash
CVE-2019-14439 unknown 7y ago Deserialization of untrusted data in FasterXML jackson-databind
CVE-2019-14379 unknown 7y ago Deserialization of untrusted data in FasterXML jackson-databind
CVE-2019-10173 unknown 7y ago Deserialization of Untrusted Data and Code Injection in xstream
CVE-2019-0228 unknown 7y ago Vulnerability that affects org.apache.pdfbox:pdfbox
CVE-2019-9827 unknown 7y ago Server-Side Request Forgery in Hawt Hawtio
CVE-2019-9843 unknown 7y ago Improper Restriction of XML External Entity Reference in DiffPlug Spotless
CVE-2019-3875 unknown 7y ago Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
CVE-2019-11272 unknown 7y ago Insufficiently Protected Credentials and Improper Authentication in Spring Security
CVE-2019-10072 unknown 7y ago Improper Locking in Apache Tomcat
CVE-2019-5442 unknown 7y ago XML Entity Expansion in Pippo
CVE-2019-3888 unknown 7y ago Credential exposure through log files in Undertow
CVE-2019-12741 unknown 7y ago Cross-site Scripting in HAPI FHIR
CVE-2019-10078 unknown 7y ago Cross-site Scripting in JSPWiki
CVE-2019-10077 unknown 7y ago Cross-site Scripting in JSPWiki
CVE-2019-10076 unknown 7y ago Cross-Site Scripting in JSPWiki
CVE-2019-3802 unknown 7y ago Improper Neutralization of Wildcards or Matching Symbols
CVE-2019-0201 unknown 7y ago Access control bypass in Apache ZooKeeper
CVE-2019-0188 unknown 7y ago XML External Entity injection in Apache Camel
CVE-2019-3797 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
CVE-2019-11808 unknown 7y ago Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
CVE-2019-0213 unknown 7y ago Cross-site scripting in Apache Archiva
CVE-2019-0214 unknown 7y ago Improper Input Validation in Apache Archiva
CVE-2019-0194 unknown 7y ago Path Traversal in Apache Camel
CVE-2019-3868 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
CVE-2019-15542 unknown 7y ago An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.
CVE-2019-10246 unknown 7y ago Information Exposure vulnerability in Eclipse Jetty
CVE-2019-10247 unknown 7y ago Installation information leak in Eclipse Jetty
CVE-2019-10241 unknown 7y ago Cross-site Scripting in Eclipse Jetty
CVE-2019-5427 unknown 7y ago Billion laughs attack in c3p0
CVE-2019-11404 unknown 7y ago Missing Encryption of Sensitive Data in arrow-kt Arrow
CVE-2019-10686 unknown 7y ago Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
CVE-2019-3795 unknown 7y ago Spring Security uses insufficiently random values
CVE-2019-10240 unknown 7y ago Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere, and Download of Code Without Integrity Check in Eclipse hawkBit
CVE-2019-0225 unknown 7y ago Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war
CVE-2019-1010260 unknown 7y ago High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
CVE-2019-0212 unknown 7y ago Improper Authorization in org.apache.hbase:hbase
CVE-2019-0224 unknown 7y ago Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
CVE-2019-0222 unknown 7y ago Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
CVE-2019-10648 unknown 7y ago Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
CVE-2019-0191 unknown 7y ago Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
CVE-2019-0192 unknown 7y ago Critical severity vulnerability that affects org.apache.solr:solr-core
CVE-2019-9658 unknown 7y ago Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
CVE-2019-0200 unknown 7y ago Improper Input Validation in Apache Qpid Broker-J
CVE-2019-0187 unknown 7y ago Unauthenticated Remote Code Execution in Apache JMeter
CVE-2019-9212 unknown 7y ago Incomplete List of Disallowed Inputs in SOFA-Hessian
CVE-2019-9142 unknown 7y ago Moderate severity vulnerability that affects org.b3log:symphony
CVE-2019-3774 unknown 7y ago Low severity vulnerability that affects org.springframework.batch:spring-batch-core
CVE-2019-3773 unknown 7y ago Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
CVE-2019-3772 unknown 7y ago Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml