CVEs from 2019

3,216 normalized CVEs published or assigned in this year.

  • Total: 3,216
  • Critical: 204
  • High: 479
  • Medium: 471
  • Low: 94
  • % Critical: 6.3%
  • % with KEV: 3.7%
  • % with exploit: 7.8%

Top products

  • u-boot 20
  • active_iq_unified_manager 7
  • jdk 5
  • weblogic_server 5
  • oncommand_workflow_automation 5
  • oncommand_insight 4
  • codeready_linux_builder_eus 4
  • libxslt 4
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-12400 unknown 7y ago Improper input validation in Apache Santuario XML Security for Java
CVE-2019-15477 unknown 7y ago Cross-site Scripting in Jooby
CVE-2019-15488 unknown 7y ago Cross-site Scripting in Ignite Realtime Openfire
CVE-2019-12397 unknown 7y ago Cross-site scripting in Apache Ranger
CVE-2019-10099 unknown 7y ago Sensitive data written to disk unencrypted in Spark
CVE-2019-10088 unknown 7y ago Allocation of Resources Without Limits or Throttling in Apache Tika
CVE-2019-10093 unknown 7y ago Allocation of Resources Without Limits or Throttling in Apache Tika
CVE-2019-10094 unknown 7y ago Allocation of Resources Without Limits or Throttling in Apache Tika
CVE-2019-10184 unknown 7y ago Undertow Missing Authorization when requesting a protected directory without trailing slash
CVE-2019-14439 unknown 7y ago Deserialization of untrusted data in FasterXML jackson-databind
CVE-2019-14379 unknown 7y ago Deserialization of untrusted data in FasterXML jackson-databind
CVE-2019-10173 unknown 7y ago Deserialization of Untrusted Data and Code Injection in xstream
CVE-2019-0228 unknown 7y ago Vulnerability that affects org.apache.pdfbox:pdfbox
CVE-2019-9827 unknown 7y ago Server-Side Request Forgery in Hawt Hawtio
CVE-2019-9843 unknown 7y ago Improper Restriction of XML External Entity Reference in DiffPlug Spotless
CVE-2019-3875 unknown 7y ago Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
CVE-2019-11272 unknown 7y ago Insufficiently Protected Credentials and Improper Authentication in Spring Security
CVE-2019-10072 unknown 7y ago Improper Locking in Apache Tomcat
CVE-2019-5442 unknown 7y ago XML Entity Expansion in Pippo
CVE-2019-3888 unknown 7y ago Credential exposure through log files in Undertow
CVE-2019-12741 unknown 7y ago Cross-site Scripting in HAPI FHIR
CVE-2019-10078 unknown 7y ago Cross-site Scripting in JSPWiki
CVE-2019-10077 unknown 7y ago Cross-site Scripting in JSPWiki
CVE-2019-10076 unknown 7y ago Cross-Site Scripting in JSPWiki
CVE-2019-3802 unknown 7y ago Improper Neutralization of Wildcards or Matching Symbols
CVE-2019-0201 unknown 7y ago Access control bypass in Apache ZooKeeper
CVE-2019-0188 unknown 7y ago XML External Entity injection in Apache Camel
CVE-2019-3797 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
CVE-2019-11808 unknown 7y ago Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
CVE-2019-0213 unknown 7y ago Cross-site scripting in Apache Archiva
CVE-2019-0214 unknown 7y ago Improper Input Validation in Apache Archiva
CVE-2019-0194 unknown 7y ago Path Traversal in Apache Camel
CVE-2019-3868 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
CVE-2019-15542 unknown 7y ago An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.
CVE-2019-10246 unknown 7y ago Information Exposure vulnerability in Eclipse Jetty
CVE-2019-10247 unknown 7y ago Installation information leak in Eclipse Jetty
CVE-2019-10241 unknown 7y ago Cross-site Scripting in Eclipse Jetty
CVE-2019-5427 unknown 7y ago Billion laughs attack in c3p0
CVE-2019-11404 unknown 7y ago Missing Encryption of Sensitive Data in arrow-kt Arrow
CVE-2019-10686 unknown 7y ago Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
CVE-2019-3795 unknown 7y ago Spring Security uses insufficiently random values
CVE-2019-10240 unknown 7y ago Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere, and Download of Code Without Integrity Check in Eclipse hawkBit
CVE-2019-0225 unknown 7y ago Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war
CVE-2019-1010260 unknown 7y ago High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
CVE-2019-0212 unknown 7y ago Improper Authorization in org.apache.hbase:hbase
CVE-2019-0224 unknown 7y ago Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
CVE-2019-0222 unknown 7y ago Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
CVE-2019-10648 unknown 7y ago Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
CVE-2019-0191 unknown 7y ago Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
CVE-2019-0192 unknown 7y ago Critical severity vulnerability that affects org.apache.solr:solr-core
CVE-2019-9658 unknown 7y ago Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
CVE-2019-0200 unknown 7y ago Improper Input Validation in Apache Qpid Broker-J
CVE-2019-0187 unknown 7y ago Unauthenticated Remote Code Execution in Apache JMeter
CVE-2019-9212 unknown 7y ago Incomplete List of Disallowed Inputs in SOFA-Hessian
CVE-2019-9142 unknown 7y ago Moderate severity vulnerability that affects org.b3log:symphony
CVE-2019-3774 unknown 7y ago Low severity vulnerability that affects org.springframework.batch:spring-batch-core
CVE-2019-3773 unknown 7y ago Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
CVE-2019-3772 unknown 7y ago Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml