CVEs from 2019

- Total: 4,015
- Critical: 232
- High: 332
- Medium: 301
- Low: 72
- % Critical: 5.8%
- % with KEV: 2.9%
- % with exploit: 3.0%

Top products
- u-boot 20
- nsauditor 1
- crypto 1

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-8687 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-12155 | low | — | 2.5 | 7y ago | Low: virt:rhel security, bug fix, and enhancement update | |
| CVE-2019-9824 | low | — | 2.5 | 7y ago | Low: virt:rhel security, bug fix, and enhancement update | |
| CVE-2019-9755 | low | — | 2.5 | 7y ago | Low: virt:rhel security, bug fix, and enhancement update | |
| CVE-2019-0193 | unknown | — | 1.5 | 7y ago | XML External Entity (XXE) Injection in Apache Solr | |
| CVE-2019-19791 | unknown | — | — | — | In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used… | |
| CVE-2019-18346 | unknown | — | — | — | A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the applicati… | |
| CVE-2019-10740 | unknown | — | — | — | In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidde… | |
| CVE-2019-15237 | unknown | — | — | — | Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. | |
| CVE-2019-18900 | unknown | — | — | — | Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store use… | |
| CVE-2019-1010043 | unknown | — | — | — | Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation. | |
| CVE-2019-1010006 | unknown | — | — | — | Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. … | |
| CVE-2019-3467 | unknown | — | — | — | Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed p… | |
| CVE-2019-18347 | unknown | — | — | — | A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in… | |
| CVE-2019-18345 | unknown | — | — | — | A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked… | |
| CVE-2019-12046 | unknown | — | — | — | LemonLDAP::NG -2.0.3 has Incorrect Access Control. | |
| CVE-2019-13031 | unknown | — | — | — | LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" r… | |
| CVE-2019-15941 | unknown | — | — | — | OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an… | |
| CVE-2019-17352 | unknown | — | — | 4y ago | JFinal file validation vulnerability | |
| CVE-2019-17560 | unknown | — | — | 4y ago | Improper Certificate Validation in Apache Netbeans | |
| CVE-2019-19899 | unknown | — | — | 4y ago | Pebble Templates Improper Input Validation vulnerability | |
| CVE-2019-17598 | unknown | — | — | 4y ago | Play Framework Inadequate Encryption Strength vulnerability | |
| CVE-2019-10430 | unknown | — | — | 4y ago | Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text | |
| CVE-2019-10426 | unknown | — | — | 4y ago | Jenkins Gem Publisher Plugin stores credentials as plaintext | |
| CVE-2019-10403 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2019-10405 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |
| CVE-2019-0195 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Tapestry | |
| CVE-2019-1010206 | unknown | — | — | 4y ago | kevinsawicki/http-request Missing certificate validation | |
| CVE-2019-10327 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin | |
| CVE-2019-10323 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin missing permission check | |
| CVE-2019-10321 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin cross-site request forgery vulnerability | |
| CVE-2019-17564 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Dubbo | |
| CVE-2019-20526 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |
| CVE-2019-16576 | unknown | — | — | 4y ago | Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin | |
| CVE-2019-16572 | unknown | — | — | 4y ago | Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file | |
| CVE-2019-16574 | unknown | — | — | 4y ago | Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins | |
| CVE-2019-16575 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin | |
| CVE-2019-16555 | unknown | — | — | 4y ago | Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin | |
| CVE-2019-16562 | unknown | — | — | 4y ago | Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting | |
| CVE-2019-16561 | unknown | — | — | 4y ago | SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin | |
| CVE-2019-16558 | unknown | — | — | 4y ago | Improper Certificate Validation in Jenkins Spira Importer Plugin | |
| CVE-2019-16552 | unknown | — | — | 4y ago | Missing permission check in Jenkins Gerrit Trigger Plugin | |
| CVE-2019-16553 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin | |
| CVE-2019-16549 | unknown | — | — | 4y ago | Jenkins Maven Release Plug-in Plugin XXE vulnerability | |
| CVE-2019-16540 | unknown | — | — | 4y ago | Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files | |
| CVE-2019-16545 | unknown | — | — | 4y ago | Jenkins QMetry for JIRA Plugin shows plain text password in configuration form | |
| CVE-2019-16544 | unknown | — | — | 4y ago | Jenkins QMetry for JIRA Plugin stored credentials in plain text | |
| CVE-2019-16546 | unknown | — | — | 4y ago | Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin | |
| CVE-2019-16538 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Script Security Plugin | |
| CVE-2019-18393 | unknown | — | — | 4y ago | Ignite Realtime Openfire directory traversal vulnerability | |
| CVE-2019-10461 | unknown | — | — | 4y ago | Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials | |
| CVE-2019-10470 | unknown | — | — | 4y ago | Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration | |
| CVE-2019-10465 | unknown | — | — | 4y ago | Jenkins Deploy WebLogic Plugin missing permission check | |
| CVE-2019-10467 | unknown | — | — | 4y ago | Jenkins Sonar Gerrit Plugin stores credentials unencrypted | |
| CVE-2019-10473 | unknown | — | — | 4y ago | Jenkins Libvirt Slaves Plugin vulnerable to Credential Enumeration | |
| CVE-2019-10464 | unknown | — | — | 4y ago | Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability | |
| CVE-2019-10460 | unknown | — | — | 4y ago | Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials | |
| CVE-2019-10466 | unknown | — | — | 4y ago | Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference | |
| CVE-2019-10451 | unknown | — | — | 4y ago | Jenkins SOASTA CloudTest Plugin stores API token in plain text | |
| CVE-2019-10454 | unknown | — | — | 4y ago | Jenkins Rundeck Plugin CSRF vulnerability | |
| CVE-2019-10453 | unknown | — | — | 4y ago | Jenkins Delphix Plugin vulnerable to Cleartext credential storage | |
| CVE-2019-10452 | unknown | — | — | 4y ago | Jenkins View26 Test-Reporting Plugin stores access token in plain text | |
| CVE-2019-10457 | unknown | — | — | 4y ago | Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin | |
| CVE-2019-10436 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin | |
| CVE-2019-10443 | unknown | — | — | 4y ago | Jenkins iceScrum Plugin stores credentials in Cleartext | |
| CVE-2019-10447 | unknown | — | — | 4y ago | Jenkins Sofy.AI Plugin stores API token in plain text | |
| CVE-2019-10446 | unknown | — | — | 4y ago | Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification | |
| CVE-2019-10439 | unknown | — | — | 4y ago | Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization | |
| CVE-2019-10437 | unknown | — | — | 4y ago | Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery | |
| CVE-2019-14832 | unknown | — | — | 4y ago | Keycloak Unauthenticated Access | |
| CVE-2019-14838 | unknown | — | — | 4y ago | Wildfly Authorization Misconfiguration | |
| CVE-2019-16891 | unknown | — | — | 4y ago | Liferay Portal Allows RCE via Deserialization of a JSON Payload | |
| CVE-2019-10434 | unknown | — | — | 4y ago | Jenkins LDAP Email Plugin shows plain text password in configuration form | |
| CVE-2019-10431 | unknown | — | — | 4y ago | Improper Control of Generation of Code in Jenkins Script Security Plugin | |
| CVE-2019-0231 | unknown | — | — | 4y ago | Cleartext Transmission of Sensitive Information in Apache MINA | |
| CVE-2019-10425 | unknown | — | — | 4y ago | Jenkins Google Calendar Plugin has Insufficiently Protected Credentials | |
| CVE-2019-10416 | unknown | — | — | 4y ago | Violation Comments to GitLab Plugin has Insufficiently Protected Credentials | |
| CVE-2019-10421 | unknown | — | — | 4y ago | Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials | |
| CVE-2019-10415 | unknown | — | — | 4y ago | Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials | |
| CVE-2019-10400 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |
| CVE-2019-10397 | unknown | — | — | 4y ago | Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields | |
| CVE-2019-10395 | unknown | — | — | 4y ago | Jenkins Build Environment Plugin vulnerable to Cross-site Scripting | |
| CVE-2019-10391 | unknown | — | — | 4y ago | Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields | |
| CVE-2019-15563 | unknown | — | — | 4y ago | OHDSI WebAPI vulnerable to SQL Injection | |
| CVE-2019-10386 | unknown | — | — | 4y ago | Cross-site request forgery vulnerability in Jenkins XL TestView Plugin | |
| CVE-2019-10371 | unknown | — | — | 4y ago | Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation | |
| CVE-2019-10381 | unknown | — | — | 4y ago | Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability | |
| CVE-2019-10369 | unknown | — | — | 4y ago | Jenkins JClouds Plugin missing permission check | |
| CVE-2019-10375 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins File System SCM Plugin | |
| CVE-2019-10368 | unknown | — | — | 4y ago | Jenkins JClouds Plugin cross-site request forgery vulnerability | |
| CVE-2019-10367 | unknown | — | — | 4y ago | Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin | |
| CVE-2019-10362 | unknown | — | — | 4y ago | Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin | |
| CVE-2019-10360 | unknown | — | — | 4y ago | Jenkins Maven Release Plugin vulnerable to Cross-site Scripting | |
| CVE-2019-10351 | unknown | — | — | 4y ago | Jenkins Caliper CI Plugin stores credentials in plain text | |
| CVE-2019-10349 | unknown | — | — | 4y ago | Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting | |
| CVE-2019-10350 | unknown | — | — | 4y ago | Jenkins Port Allocator Plugin stores credentials in plain text | |
| CVE-2019-10342 | unknown | — | — | 4y ago | Missing permission check in Jenkins Docker Plugin | |
| CVE-2019-10341 | unknown | — | — | 4y ago | Missing permission check in Jenkins Docker Plugin | |
| CVE-2019-10332 | unknown | — | — | 4y ago | Jenkins ElectricFlow Plugin missing permission check | |
| CVE-2019-10331 | unknown | — | — | 4y ago | Jenkins ElectricFlow Plugin cross-site request forgery vulnerability | |