CVEs from 2019
Total
3,164
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17567 | medium | — | 5.5 | — | Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing … | |||
| CVE-2019-6988 | medium | — | 5.5 | — | An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_… | |||
| CVE-2019-8398 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. | |||
| CVE-2019-19918 | medium | — | 5.5 | — | arbitrary code execution in lout | |||
| CVE-2019-19721 | medium | — | 5.5 | — | An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted i… | |||
| CVE-2019-10723 | medium | — | 5.5 | — | An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. | |||
| CVE-2019-20093 | medium | — | 5.5 | — | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtrac… | |||
| CVE-2019-6502 | medium | — | 5.5 | — | sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. | |||
| CVE-2019-3807 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properl… | |||
| CVE-2019-5716 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | |||
| CVE-2019-8397 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |||
| CVE-2019-16378 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel… | |||
| CVE-2019-8396 | medium | — | 5.5 | — | A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while rep… | |||
| CVE-2019-6475 | medium | — | 5.5 | — | Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to D… | |||
| CVE-2019-25597 | medium | 5.5 | 5.5 | 3mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |||
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | RHSA-2025:11035: lz4 security update (Moderate) | |||
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | RHSA-2025:0733: bzip2 security and bug fix update (Moderate) | |||
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |||
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |||
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… | |||
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | RHSA-2023:6919: edk2 security and bug fix update (Moderate) | |||
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | RHSA-2023:0087: usbguard security update (Moderate) | |||
| CVE-2019-25033 | medium | — | 5.5 | 4y ago | RHSA-2022:7622: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | RHSA-2019:3704: numpy security update (Moderate) | |||
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |||
| CVE-2019-16276 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | RHSA-2022:1808: aspell security update (Moderate) | |||
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | RHSA-2021:4426: ncurses security update (Moderate) | |||
| CVE-2019-17594 | medium | — | 5.5 | 5y ago | RHSA-2021:4426: ncurses security update (Moderate) | |||
| CVE-2019-13750 | medium | — | 5.5 | 5y ago | Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | |||
| CVE-2019-13751 | medium | — | 5.5 | 5y ago | Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-5827 | medium | — | 5.5 | 5y ago | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-19603 | medium | — | 5.5 | 5y ago | RHSA-2021:4396: sqlite security update (Moderate) | |||
| CVE-2019-18218 | medium | — | 5.5 | 5y ago | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | |||
| CVE-2019-14615 | medium | — | 5.5 | 5y ago | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… | |||
| CVE-2019-12973 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2019-14584 | medium | — | 5.5 | 5y ago | RHSA-2021:4198: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15845 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16201 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwr… | |||
| CVE-2019-20398 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20397 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20396 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20395 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20393 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20392 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20391 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20394 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |||
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25036 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14866 | medium | — | 5.5 | 5y ago | RHSA-2021:1582: cpio security update (Moderate) | |||
| CVE-2019-25034 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25040 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25041 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25037 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25038 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25035 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25039 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25032 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25042 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20372 | medium | — | 5.5 | 6y ago | RHSA-2020:5495: nginx:1.16 security update (Moderate) | |||
| CVE-2019-20637 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next re… | |||
| CVE-2019-15166 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9278 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10221 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19481 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15892 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests… | |||
| CVE-2019-20792 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19783 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-7576 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7574 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7575 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7573 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7572 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-12420 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2019-17185 | medium | — | 5.5 | 6y ago | RHSA-2020:4799: freeradius:3.0 security and bug fix update (Moderate) | |||
| CVE-2019-20387 | medium | — | 5.5 | 6y ago | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | |||
| CVE-2019-20388 | medium | — | 5.5 | 6y ago | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. |