CVEs from 2019
Total
3,164
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9199 | medium | — | 5.5 | — | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose bi… | |||
| CVE-2019-17498 | medium | — | 5.5 | — | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a s… | |||
| CVE-2019-6502 | medium | — | 5.5 | — | sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. | |||
| CVE-2019-19918 | medium | — | 5.5 | — | arbitrary code execution in lout | |||
| CVE-2019-12209 | medium | — | 5.5 | — | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks syml… | |||
| CVE-2019-16927 | medium | — | 5.5 | — | Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | |||
| CVE-2019-7148 | medium | — | 5.5 | — | An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denia… | |||
| CVE-2019-8397 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |||
| CVE-2019-8398 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. | |||
| CVE-2019-17567 | medium | — | 5.5 | — | Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing … | |||
| CVE-2019-16378 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel… | |||
| CVE-2019-14833 | medium | — | 5.5 | — | A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Sam… | |||
| CVE-2019-14847 | medium | — | 5.5 | — | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not po… | |||
| CVE-2019-11499 | medium | — | 5.5 | — | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. | |||
| CVE-2019-25597 | medium | 5.5 | 5.5 | 3mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |||
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | RHSA-2025:11035: lz4 security update (Moderate) | |||
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | RHSA-2025:0733: bzip2 security and bug fix update (Moderate) | |||
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |||
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |||
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… | |||
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | RHSA-2023:6919: edk2 security and bug fix update (Moderate) | |||
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | RHSA-2023:0087: usbguard security update (Moderate) | |||
| CVE-2019-25033 | medium | — | 5.5 | 4y ago | RHSA-2022:7622: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | RHSA-2019:3704: numpy security update (Moderate) | |||
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |||
| CVE-2019-16276 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | RHSA-2022:1808: aspell security update (Moderate) | |||
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-17594 | medium | — | 5.5 | 5y ago | RHSA-2021:4426: ncurses security update (Moderate) | |||
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | RHSA-2021:4426: ncurses security update (Moderate) | |||
| CVE-2019-5827 | medium | — | 5.5 | 5y ago | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-13750 | medium | — | 5.5 | 5y ago | Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | |||
| CVE-2019-13751 | medium | — | 5.5 | 5y ago | Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-19603 | medium | — | 5.5 | 5y ago | RHSA-2021:4396: sqlite security update (Moderate) | |||
| CVE-2019-18218 | medium | — | 5.5 | 5y ago | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | |||
| CVE-2019-14615 | medium | — | 5.5 | 5y ago | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… | |||
| CVE-2019-12973 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2019-14584 | medium | — | 5.5 | 5y ago | RHSA-2021:4198: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15845 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16201 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwr… | |||
| CVE-2019-20391 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20398 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20395 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20394 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20393 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20392 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20397 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20396 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |||
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14866 | medium | — | 5.5 | 5y ago | RHSA-2021:1582: cpio security update (Moderate) | |||
| CVE-2019-25034 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25032 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25042 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25036 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25035 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25039 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25041 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25040 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25038 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25037 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20372 | medium | — | 5.5 | 6y ago | RHSA-2020:5495: nginx:1.16 security update (Moderate) | |||
| CVE-2019-20387 | medium | — | 5.5 | 6y ago | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | |||
| CVE-2019-14559 | medium | — | 5.5 | 6y ago | RHSA-2020:4805: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-17185 | medium | — | 5.5 | 6y ago | RHSA-2020:4799: freeradius:3.0 security and bug fix update (Moderate) | |||
| CVE-2019-15892 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests… | |||
| CVE-2019-20637 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next re… | |||
| CVE-2019-19956 | medium | — | 5.5 | 6y ago | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | |||
| CVE-2019-7576 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-20388 | medium | — | 5.5 | 6y ago | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | |||
| CVE-2019-7574 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7575 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7573 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-18928 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-7572 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-12420 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2019-10221 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19481 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19783 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) |