CVEs from 2019
Total
3,162
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-19049 | unknown | — | — | — | A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_un… | |||
| CVE-2019-19050 | unknown | — | — | — | A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering cryp… | |||
| CVE-2019-19079 | unknown | — | — | — | A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19. | |||
| CVE-2019-19075 | unknown | — | — | — | A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca821… | |||
| CVE-2019-19076 | unknown | — | — | — | A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consum… | |||
| CVE-2019-19080 | unknown | — | — | — | Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memor… | |||
| CVE-2019-19081 | unknown | — | — | — | A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory … | |||
| CVE-2019-19083 | unknown | — | — | — | Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects … | |||
| CVE-2019-19377 | unknown | — | — | — | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | |||
| CVE-2019-19814 | unknown | — | — | — | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but … | |||
| CVE-2019-19815 | unknown | — | — | — | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2f… | |||
| CVE-2019-19966 | unknown | — | — | — | In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | |||
| CVE-2019-19816 | unknown | — | — | — | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a va… | |||
| CVE-2019-19947 | unknown | — | — | — | In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | |||
| CVE-2019-19965 | unknown | — | — | — | In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race … | |||
| CVE-2019-20095 | unknown | — | — | — | mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This… | |||
| CVE-2019-20422 | unknown | — | — | — | In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified… | |||
| CVE-2019-20794 | unknown | — | — | — | An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction… | |||
| CVE-2019-3901 | unknown | — | — | — | A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_acce… | |||
| CVE-2019-8956 | unknown | — | — | — | In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. | |||
| CVE-2019-10714 | unknown | — | — | — | LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. | |||
| CVE-2019-19952 | unknown | — | — | — | In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. | |||
| CVE-2019-13137 | unknown | — | — | — | ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. | |||
| CVE-2019-10873 | unknown | — | — | — | An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | |||
| CVE-2019-13295 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. | |||
| CVE-2019-13301 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. | |||
| CVE-2019-13296 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. | |||
| CVE-2019-9543 | unknown | — | — | — | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) th… | |||
| CVE-2019-13297 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. | |||
| CVE-2019-13298 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. | |||
| CVE-2019-9545 | unknown | — | — | — | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the p… | |||
| CVE-2019-13311 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. | |||
| CVE-2019-13299 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. | |||
| CVE-2019-13307 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. | |||
| CVE-2019-13303 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. | |||
| CVE-2019-13310 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. | |||
| CVE-2019-13308 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. | |||
| CVE-2019-13454 | unknown | — | — | — | ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. | |||
| CVE-2019-17547 | unknown | — | — | — | In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. | |||
| CVE-2019-15139 | unknown | — | — | — | The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read… | |||
| CVE-2019-15141 | unknown | — | — | — | WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image fil… | |||
| CVE-2019-16712 | unknown | — | — | — | ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. | |||
| CVE-2019-16710 | unknown | — | — | — | ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | |||
| CVE-2019-16713 | unknown | — | — | — | ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | |||
| CVE-2019-14382 | unknown | — | — | — | DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | |||
| CVE-2019-17113 | unknown | — | — | — | In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API,… | |||
| CVE-2019-3826 | unknown | — | — | 3y ago | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prome… | |||
| CVE-2019-19040 | unknown | — | — | 4y ago | Reflected Cross site scripting (XSS) in kairosdb | |||
| CVE-2019-25075 | unknown | — | — | 4y ago | Path Traversal in Gravitee API Management | |||
| CVE-2019-17352 | unknown | — | — | 4y ago | JFinal file validation vulnerability | |||
| CVE-2019-10169 | unknown | — | — | 4y ago | Keycloak code execution via UMA policy abuse | |||
| CVE-2019-17560 | unknown | — | — | 4y ago | Improper Certificate Validation in Apache Netbeans | |||
| CVE-2019-19899 | unknown | — | — | 4y ago | Pebble Templates Improper Input Validation vulnerability | |||
| CVE-2019-20366 | unknown | — | — | 4y ago | XSS in Ignite Realtime Openfire via isTrustStore | |||
| CVE-2019-17598 | unknown | — | — | 4y ago | Play Framework Inadequate Encryption Strength vulnerability | |||
| CVE-2019-10406 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10427 | unknown | — | — | 4y ago | Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form | |||
| CVE-2019-10426 | unknown | — | — | 4y ago | Jenkins Gem Publisher Plugin stores credentials as plaintext | |||
| CVE-2019-10430 | unknown | — | — | 4y ago | Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text | |||
| CVE-2019-10407 | unknown | — | — | 4y ago | Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin | |||
| CVE-2019-10428 | unknown | — | — | 4y ago | Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form | |||
| CVE-2019-10404 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10405 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2019-10403 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10402 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10401 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-0195 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Tapestry | |||
| CVE-2019-12401 | unknown | — | — | 4y ago | Apache Solr vulnerable to XML Bomb | |||
| CVE-2019-1010206 | unknown | — | — | 4y ago | kevinsawicki/http-request Missing certificate validation | |||
| CVE-2019-10326 | unknown | — | — | 4y ago | Jenkins Warnings NG Plugin cross-site request forgery vulnerability | |||
| CVE-2019-10328 | unknown | — | — | 4y ago | Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin | |||
| CVE-2019-10325 | unknown | — | — | 4y ago | Jenkins Warnings NG Plugin Cross-site scripting vulnerability | |||
| CVE-2019-10329 | unknown | — | — | 4y ago | Plaintext password storage in Jenkins InfluxDB Plugin | |||
| CVE-2019-10324 | unknown | — | — | 4y ago | Cross-site request forgery vulnerability in Jenkins Artifactory Plugin | |||
| CVE-2019-10330 | unknown | — | — | 4y ago | Improper handling of untrusted branches in Gitea Jenkins Plugin | |||
| CVE-2019-10327 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin | |||
| CVE-2019-10322 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin missing permission check | |||
| CVE-2019-10323 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin missing permission check | |||
| CVE-2019-10321 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin cross-site request forgery vulnerability | |||
| CVE-2019-11818 | unknown | — | — | 4y ago | Alkacon OpenCMS XSS via New User module | |||
| CVE-2019-0233 | unknown | — | — | 4y ago | Improper Preservation of Permissions in Apache Struts | |||
| CVE-2019-17564 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Dubbo | |||
| CVE-2019-17561 | unknown | — | — | 4y ago | Improper Verification of Cryptographic Signature in Apache Netbeans | |||
| CVE-2019-20525 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |||
| CVE-2019-20526 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |||
| CVE-2019-20528 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |||
| CVE-2019-14888 | unknown | — | — | 4y ago | Undertow vulnerable to Uncontrolled Resource Consumption | |||
| CVE-2019-14837 | unknown | — | — | 4y ago | keycloak vulnerable to unauthorized login via mail server setup | |||
| CVE-2019-6035 | unknown | — | — | 4y ago | Athenz vulnerable to Open Redirect | |||
| CVE-2019-16574 | unknown | — | — | 4y ago | Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins | |||
| CVE-2019-16572 | unknown | — | — | 4y ago | Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file | |||
| CVE-2019-16576 | unknown | — | — | 4y ago | Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin | |||
| CVE-2019-16575 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin | |||
| CVE-2019-16571 | unknown | — | — | 4y ago | Jenkins RapidDeploy Plugin missing permission check | |||
| CVE-2019-16567 | unknown | — | — | 4y ago | Jenkins Team Concert Plugin missing permission check | |||
| CVE-2019-16566 | unknown | — | — | 4y ago | Jenkins Team Concert Plugin missing permission check | |||
| CVE-2019-16563 | unknown | — | — | 4y ago | Cross site scripting in Jenkins Mission Control Plugin | |||
| CVE-2019-16564 | unknown | — | — | 4y ago | Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability | |||
| CVE-2019-16570 | unknown | — | — | 4y ago | Jenkins RapidDeploy Plugin Cross-Site Request Forgery plugin | |||
| CVE-2019-16569 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Mantis Plugin |