CVEs from 2019
Total
3,164
critical
critical 231
high
high 484
medium
medium 484
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9978 | unknown | — | 2.5 | 5y ago | WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro. | |||
| CVE-2019-0541 | unknown | — | 2.5 | 5y ago | Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability. | |||
| CVE-2019-0863 | unknown | — | 2.5 | 5y ago | Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode. | |||
| CVE-2019-16759 | unknown | — | 2.5 | 5y ago | The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | |||
| CVE-2019-17402 | low | — | 2.5 | 5y ago | RHSA-2021:1758: exiv2 security, bug fix, and enhancement update (Low) | |||
| CVE-2019-2708 | low | — | 2.5 | 5y ago | RHSA-2021:1675: libdb security update (Low) | |||
| CVE-2019-18276 | low | — | 2.5 | 5y ago | RHSA-2021:1679: bash security and bug fix update (Low) | |||
| CVE-2019-16167 | low | — | 2.5 | 6y ago | RHSA-2020:4638: sysstat security update (Low) | |||
| CVE-2019-17450 | low | — | 2.5 | 6y ago | RHSA-2020:4465: binutils security update (Low) | |||
| CVE-2019-1551 | low | — | 2.5 | 6y ago | RHSA-2020:4514: openssl security, bug fix, and enhancement update (Low) | |||
| CVE-2019-20386 | low | — | 2.5 | 6y ago | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | |||
| CVE-2019-14494 | low | — | 2.5 | 6y ago | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | |||
| CVE-2019-15165 | low | — | 2.5 | 6y ago | RHSA-2020:4547: libpcap security, bug fix, and enhancement update (Low) | |||
| CVE-2019-1010305 | low | — | 2.5 | 6y ago | RHSA-2020:1686: libmspack security and bug fix update (Low) | |||
| CVE-2019-13045 | low | — | 2.5 | 6y ago | RHSA-2020:1616: irssi security update (Low) | |||
| CVE-2019-1010317 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2019-1010315 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2019-1010319 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2019-11498 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2019-14834 | low | — | 2.5 | 6y ago | RHSA-2020:1715: dnsmasq security, bug fix, and enhancement update (Low) | |||
| CVE-2019-8696 | low | — | 2.5 | 6y ago | RHSA-2020:1765: cups security and bug fix update (Low) | |||
| CVE-2019-1010204 | low | — | 2.5 | 6y ago | RHSA-2020:1797: binutils security and bug fix update (Low) | |||
| CVE-2019-19126 | low | — | 2.5 | 6y ago | RHSA-2020:1828: glibc security, bug fix, and enhancement update (Low) | |||
| CVE-2019-3695 | low | — | 2.5 | 6y ago | RHBA-2020:1628: pcp bug fix and enhancement update (Low) | |||
| CVE-2019-13232 | low | — | 2.5 | 6y ago | RHSA-2020:1787: unzip security update (Low) | |||
| CVE-2019-17451 | low | — | 2.5 | 6y ago | RHSA-2020:1797: binutils security and bug fix update (Low) | |||
| CVE-2019-3696 | low | — | 2.5 | 6y ago | RHBA-2020:1628: pcp bug fix and enhancement update (Low) | |||
| CVE-2019-8675 | low | — | 2.5 | 6y ago | RHSA-2020:1765: cups security and bug fix update (Low) | |||
| CVE-2019-17558 | unknown | — | 2.5 | 6y ago | The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution. | |||
| CVE-2019-19118 | low | — | 2.5 | 7y ago | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… | |||
| CVE-2019-8735 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processin… | |||
| CVE-2019-8768 | low | — | 2.5 | 7y ago | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing h… | |||
| CVE-2019-8726 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processin… | |||
| CVE-2019-8687 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8673 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8676 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8679 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8681 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8686 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8677 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8615 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8619 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8609 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8608 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8666 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8597 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8595 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8596 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8601 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9… | |||
| CVE-2019-8586 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8587 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8583 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9… | |||
| CVE-2019-8584 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8594 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8607 | low | — | 2.5 | 7y ago | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud f… | |||
| CVE-2019-8559 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.1… | |||
| CVE-2019-8563 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.1… | |||
| CVE-2019-8544 | low | — | 2.5 | 7y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Proces… | |||
| CVE-2019-8571 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-6251 | low | — | 2.5 | 7y ago | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a… | |||
| CVE-2019-8551 | low | — | 2.5 | 7y ago | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web c… | |||
| CVE-2019-6237 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8523 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing… | |||
| CVE-2019-11070 | low | — | 2.5 | 7y ago | WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in dean… | |||
| CVE-2019-8524 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing… | |||
| CVE-2019-8536 | low | — | 2.5 | 7y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Proces… | |||
| CVE-2019-8610 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-3820 | low | — | 2.5 | 7y ago | RHSA-2019:3553: GNOME security, bug fix, and enhancement update (Low) | |||
| CVE-2019-11459 | low | — | 2.5 | 7y ago | RHSA-2019:3553: GNOME security, bug fix, and enhancement update (Low) | |||
| CVE-2019-12795 | low | — | 2.5 | 7y ago | daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local atta… | |||
| CVE-2019-8535 | low | — | 2.5 | 7y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing malicio… | |||
| CVE-2019-9824 | low | — | 2.5 | 7y ago | tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. | |||
| CVE-2019-12155 | low | — | 2.5 | 7y ago | interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | |||
| CVE-2019-9755 | low | — | 2.5 | 7y ago | RHSA-2019:3345: virt:rhel security, bug fix, and enhancement update (Low) | |||
| CVE-2019-1543 | low | — | 2.5 | 7y ago | RHSA-2019:3700: openssl security, bug fix, and enhancement update (Low) | |||
| CVE-2019-7665 | low | — | 2.5 | 7y ago | RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low) | |||
| CVE-2019-7150 | low | — | 2.5 | 7y ago | RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low) | |||
| CVE-2019-7149 | low | — | 2.5 | 7y ago | RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low) | |||
| CVE-2019-7664 | low | — | 2.5 | 7y ago | RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low) | |||
| CVE-2019-6465 | low | — | 2.5 | 7y ago | RHSA-2019:3552: bind security and bug fix update (Low) | |||
| CVE-2019-7146 | low | — | 2.5 | 7y ago | RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low) | |||
| CVE-2019-13313 | low | — | 2.5 | 7y ago | RHSA-2019:3387: osinfo-db and libosinfo security and bug fix update (Low) | |||
| CVE-2019-10155 | low | — | 2.5 | 7y ago | RHSA-2019:3391: libreswan security and bug fix update (Low) | |||
| CVE-2019-12312 | low | — | 2.5 | 7y ago | RHSA-2019:3391: libreswan security and bug fix update (Low) | |||
| CVE-2019-10183 | low | — | 2.5 | 7y ago | RHSA-2019:3464: virt-manager security, bug fix, and enhancement update (Low) | |||
| CVE-2019-5418 | unknown | — | 2.5 | 7y ago | Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server… | |||
| CVE-2019-6340 | unknown | — | 2.5 | 7y ago | In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. | |||
| CVE-2019-19006 | unknown | — | 1.5 | 4mo ago | Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin. | |||
| CVE-2019-6693 | unknown | — | 1.5 | 1y ago | Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key. | |||
| CVE-2019-9875 | unknown | — | 1.5 | 1y ago | Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a… | |||
| CVE-2019-9874 | unknown | — | 1.5 | 1y ago | Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending… | |||
| CVE-2019-11001 | unknown | — | 1.5 | 2y ago | Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail… | |||
| CVE-2019-0344 | unknown | — | 1.5 | 2y ago | SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection. | |||
| CVE-2019-8526 | unknown | — | 1.5 | 3y ago | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. | |||
| CVE-2019-1388 | unknown | — | 1.5 | 3y ago | Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context. | |||
| CVE-2019-15271 | unknown | — | 1.5 | 4y ago | A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges. | |||
| CVE-2019-7193 | unknown | — | 1.5 | 4y ago | QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. | |||
| CVE-2019-1385 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. | |||
| CVE-2019-1130 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. | |||
| CVE-2019-7287 | unknown | — | 1.5 | 4y ago | Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. |