CVEs from 2019
Total
3,164
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-6290 | medium | — | 5.5 | — | An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, be… | |||
| CVE-2019-20093 | medium | — | 5.5 | — | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtrac… | |||
| CVE-2019-8397 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |||
| CVE-2019-17498 | medium | — | 5.5 | — | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a s… | |||
| CVE-2019-6502 | medium | — | 5.5 | — | sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. | |||
| CVE-2019-8396 | medium | — | 5.5 | — | A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while rep… | |||
| CVE-2019-12209 | medium | — | 5.5 | — | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks syml… | |||
| CVE-2019-9199 | medium | — | 5.5 | — | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose bi… | |||
| CVE-2019-10209 | medium | — | 5.5 | — | multiple issues in postgresql-libs, postgresql | |||
| CVE-2019-19918 | medium | — | 5.5 | — | arbitrary code execution in lout | |||
| CVE-2019-14833 | medium | — | 5.5 | — | A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Sam… | |||
| CVE-2019-13615 | medium | — | 5.5 | — | libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | |||
| CVE-2019-3807 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properl… | |||
| CVE-2019-14847 | medium | — | 5.5 | — | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not po… | |||
| CVE-2019-25597 | medium | 5.5 | 5.5 | 3mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |||
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | RHSA-2025:11035: lz4 security update (Moderate) | |||
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | RHSA-2025:0733: bzip2 security and bug fix update (Moderate) | |||
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |||
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |||
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… | |||
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | RHSA-2023:6919: edk2 security and bug fix update (Moderate) | |||
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | RHSA-2023:0087: usbguard security update (Moderate) | |||
| CVE-2019-25033 | medium | — | 5.5 | 4y ago | RHSA-2022:7622: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | RHSA-2019:3704: numpy security update (Moderate) | |||
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |||
| CVE-2019-16276 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | RHSA-2022:1808: aspell security update (Moderate) | |||
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | RHSA-2021:4426: ncurses security update (Moderate) | |||
| CVE-2019-17594 | medium | — | 5.5 | 5y ago | RHSA-2021:4426: ncurses security update (Moderate) | |||
| CVE-2019-5827 | medium | — | 5.5 | 5y ago | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-13750 | medium | — | 5.5 | 5y ago | Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | |||
| CVE-2019-13751 | medium | — | 5.5 | 5y ago | Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-19603 | medium | — | 5.5 | 5y ago | RHSA-2021:4396: sqlite security update (Moderate) | |||
| CVE-2019-18218 | medium | — | 5.5 | 5y ago | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | |||
| CVE-2019-14615 | medium | — | 5.5 | 5y ago | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… | |||
| CVE-2019-12973 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2019-14584 | medium | — | 5.5 | 5y ago | RHSA-2021:4198: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15845 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16201 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwr… | |||
| CVE-2019-20396 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20395 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20397 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20398 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20391 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20392 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20393 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20394 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |||
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14866 | medium | — | 5.5 | 5y ago | RHSA-2021:1582: cpio security update (Moderate) | |||
| CVE-2019-25041 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25042 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25032 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25034 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25035 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25036 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25037 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25038 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25039 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25040 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20372 | medium | — | 5.5 | 6y ago | RHSA-2020:5495: nginx:1.16 security update (Moderate) | |||
| CVE-2019-10221 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15166 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18928 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-19783 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-12420 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2019-10179 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10146 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-7577 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7578 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-20388 | medium | — | 5.5 | 6y ago | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | |||
| CVE-2019-7635 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7636 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7575 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7572 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7573 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7637 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7574 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) |