CVEs from 2019
Total
3,161
critical
critical 238
high
high 484
medium
medium 485
low
low 95
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14896 | unknown | — | — | — | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, poss… | |||
| CVE-2019-14902 | unknown | — | — | — | There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a… | |||
| CVE-2019-19949 | unknown | — | — | — | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | |||
| CVE-2019-15139 | unknown | — | — | — | The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read… | |||
| CVE-2019-15141 | unknown | — | — | — | WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image fil… | |||
| CVE-2019-15211 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio… | |||
| CVE-2019-18853 | unknown | — | — | — | ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. | |||
| CVE-2019-15215 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. | |||
| CVE-2019-17540 | unknown | — | — | — | ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. | |||
| CVE-2019-15291 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop… | |||
| CVE-2019-15538 | unknown | — | — | — | An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsi… | |||
| CVE-2019-16711 | unknown | — | — | — | ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | |||
| CVE-2019-15140 | unknown | — | — | — | coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab ima… | |||
| CVE-2019-14981 | unknown | — | — | — | In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a cr… | |||
| CVE-2019-16709 | unknown | — | — | — | ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | |||
| CVE-2019-13305 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. | |||
| CVE-2019-13304 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. | |||
| CVE-2019-18680 | unknown | — | — | — | An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0. | |||
| CVE-2019-18807 | unknown | — | — | — | Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumpt… | |||
| CVE-2019-13302 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. | |||
| CVE-2019-13136 | unknown | — | — | — | ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. | |||
| CVE-2019-18814 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. | |||
| CVE-2019-13661 | unknown | — | — | — | UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. | |||
| CVE-2019-13662 | unknown | — | — | — | Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2019-19037 | unknown | — | — | — | ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. | |||
| CVE-2019-19043 | unknown | — | — | — | A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption… | |||
| CVE-2019-12974 | unknown | — | — | — | A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service … | |||
| CVE-2019-19048 | unknown | — | — | — | A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by tr… | |||
| CVE-2019-19053 | unknown | — | — | — | A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggeri… | |||
| CVE-2019-11472 | unknown | — | — | — | ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which… | |||
| CVE-2019-11470 | unknown | — | — | — | The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image s… | |||
| CVE-2019-17541 | unknown | — | — | — | ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. | |||
| CVE-2019-19082 | unknown | — | — | — | Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affec… | |||
| CVE-2019-13670 | unknown | — | — | — | Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-19252 | unknown | — | — | — | vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. | |||
| CVE-2019-19448 | unknown | — | — | — | In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space… | |||
| CVE-2019-19462 | unknown | — | — | — | relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. | |||
| CVE-2019-13669 | unknown | — | — | — | Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2019-19769 | unknown | — | — | — | In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | |||
| CVE-2019-19813 | unknown | — | — | — | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/… | |||
| CVE-2019-17021 | unknown | — | — | — | During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windo… | |||
| CVE-2019-19927 | unknown | — | — | — | In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read ac… | |||
| CVE-2019-17018 | unknown | — | — | — | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. | |||
| CVE-2019-19965 | unknown | — | — | — | In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race … | |||
| CVE-2019-20095 | unknown | — | — | — | mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This… | |||
| CVE-2019-20175 | unknown | — | — | — | An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an … | |||
| CVE-2019-15237 | unknown | — | — | 1mo ago | Roundcube Webmail vulnerabilities | |||
| CVE-2019-3826 | unknown | — | — | 3y ago | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prome… | |||
| CVE-2019-19040 | unknown | — | — | 4y ago | Reflected Cross site scripting (XSS) in kairosdb | |||
| CVE-2019-25075 | unknown | — | — | 4y ago | Path Traversal in Gravitee API Management | |||
| CVE-2019-17352 | unknown | — | — | 4y ago | JFinal file validation vulnerability | |||
| CVE-2019-10169 | unknown | — | — | 4y ago | Keycloak code execution via UMA policy abuse | |||
| CVE-2019-17560 | unknown | — | — | 4y ago | Improper Certificate Validation in Apache Netbeans | |||
| CVE-2019-20366 | unknown | — | — | 4y ago | XSS in Ignite Realtime Openfire via isTrustStore | |||
| CVE-2019-19899 | unknown | — | — | 4y ago | Pebble Templates Improper Input Validation vulnerability | |||
| CVE-2019-17598 | unknown | — | — | 4y ago | Play Framework Inadequate Encryption Strength vulnerability | |||
| CVE-2019-10407 | unknown | — | — | 4y ago | Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin | |||
| CVE-2019-10426 | unknown | — | — | 4y ago | Jenkins Gem Publisher Plugin stores credentials as plaintext | |||
| CVE-2019-10428 | unknown | — | — | 4y ago | Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form | |||
| CVE-2019-10427 | unknown | — | — | 4y ago | Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form | |||
| CVE-2019-10430 | unknown | — | — | 4y ago | Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text | |||
| CVE-2019-10406 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10402 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10404 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10405 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2019-10401 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10403 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-0195 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Tapestry | |||
| CVE-2019-12401 | unknown | — | — | 4y ago | Apache Solr vulnerable to XML Bomb | |||
| CVE-2019-1010206 | unknown | — | — | 4y ago | kevinsawicki/http-request Missing certificate validation | |||
| CVE-2019-10324 | unknown | — | — | 4y ago | Cross-site request forgery vulnerability in Jenkins Artifactory Plugin | |||
| CVE-2019-10327 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin | |||
| CVE-2019-10328 | unknown | — | — | 4y ago | Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin | |||
| CVE-2019-10326 | unknown | — | — | 4y ago | Jenkins Warnings NG Plugin cross-site request forgery vulnerability | |||
| CVE-2019-10330 | unknown | — | — | 4y ago | Improper handling of untrusted branches in Gitea Jenkins Plugin | |||
| CVE-2019-10325 | unknown | — | — | 4y ago | Jenkins Warnings NG Plugin Cross-site scripting vulnerability | |||
| CVE-2019-10329 | unknown | — | — | 4y ago | Plaintext password storage in Jenkins InfluxDB Plugin | |||
| CVE-2019-10322 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin missing permission check | |||
| CVE-2019-10323 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin missing permission check | |||
| CVE-2019-10321 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin cross-site request forgery vulnerability | |||
| CVE-2019-11818 | unknown | — | — | 4y ago | Alkacon OpenCMS XSS via New User module | |||
| CVE-2019-0233 | unknown | — | — | 4y ago | Improper Preservation of Permissions in Apache Struts | |||
| CVE-2019-17564 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Dubbo | |||
| CVE-2019-17561 | unknown | — | — | 4y ago | Improper Verification of Cryptographic Signature in Apache Netbeans | |||
| CVE-2019-20525 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |||
| CVE-2019-20526 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |||
| CVE-2019-20528 | unknown | — | — | 4y ago | Ignite Realtime Openfire allows Cross-site Scripting | |||
| CVE-2019-14888 | unknown | — | — | 4y ago | Undertow vulnerable to Uncontrolled Resource Consumption | |||
| CVE-2019-14837 | unknown | — | — | 4y ago | keycloak vulnerable to unauthorized login via mail server setup | |||
| CVE-2019-6035 | unknown | — | — | 4y ago | Athenz vulnerable to Open Redirect | |||
| CVE-2019-16576 | unknown | — | — | 4y ago | Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin | |||
| CVE-2019-16574 | unknown | — | — | 4y ago | Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins | |||
| CVE-2019-16572 | unknown | — | — | 4y ago | Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file | |||
| CVE-2019-16575 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin | |||
| CVE-2019-16570 | unknown | — | — | 4y ago | Jenkins RapidDeploy Plugin Cross-Site Request Forgery plugin | |||
| CVE-2019-16567 | unknown | — | — | 4y ago | Jenkins Team Concert Plugin missing permission check | |||
| CVE-2019-16563 | unknown | — | — | 4y ago | Cross site scripting in Jenkins Mission Control Plugin | |||
| CVE-2019-16571 | unknown | — | — | 4y ago | Jenkins RapidDeploy Plugin missing permission check | |||
| CVE-2019-16566 | unknown | — | — | 4y ago | Jenkins Team Concert Plugin missing permission check | |||
| CVE-2019-16564 | unknown | — | — | 4y ago | Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability |