CVEs from 2019
Total
3,165
critical
critical 231
high
high 484
medium
medium 483
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-6475 | medium | — | 5.5 | — | Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to D… | |||
| CVE-2019-8397 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |||
| CVE-2019-16378 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel… | |||
| CVE-2019-10723 | medium | — | 5.5 | — | An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. | |||
| CVE-2019-12210 | medium | — | 5.5 | — | In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descr… | |||
| CVE-2019-19917 | medium | — | 5.5 | — | arbitrary code execution in lout | |||
| CVE-2019-25597 | medium | 5.5 | 5.5 | 3mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |||
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | RHSA-2025:11035: lz4 security update (Moderate) | |||
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | RHSA-2025:0733: bzip2 security and bug fix update (Moderate) | |||
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |||
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |||
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… | |||
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | RHSA-2023:6919: edk2 security and bug fix update (Moderate) | |||
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | RHSA-2023:0087: usbguard security update (Moderate) | |||
| CVE-2019-25033 | medium | — | 5.5 | 4y ago | RHSA-2022:7622: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | RHSA-2019:3704: numpy security update (Moderate) | |||
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |||
| CVE-2019-16276 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | RHSA-2022:1808: aspell security update (Moderate) | |||
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | RHSA-2021:4426: ncurses security update (Moderate) | |||
| CVE-2019-17594 | medium | — | 5.5 | 5y ago | RHSA-2021:4426: ncurses security update (Moderate) | |||
| CVE-2019-13750 | medium | — | 5.5 | 5y ago | Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | |||
| CVE-2019-5827 | medium | — | 5.5 | 5y ago | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-19603 | medium | — | 5.5 | 5y ago | RHSA-2021:4396: sqlite security update (Moderate) | |||
| CVE-2019-13751 | medium | — | 5.5 | 5y ago | Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-18218 | medium | — | 5.5 | 5y ago | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | |||
| CVE-2019-14615 | medium | — | 5.5 | 5y ago | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… | |||
| CVE-2019-12973 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2019-14584 | medium | — | 5.5 | 5y ago | RHSA-2021:4198: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15845 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16201 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwr… | |||
| CVE-2019-20391 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20394 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20396 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20397 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20398 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20392 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20395 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20393 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |||
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25041 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14866 | medium | — | 5.5 | 5y ago | RHSA-2021:1582: cpio security update (Moderate) | |||
| CVE-2019-25040 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25042 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25039 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25034 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25036 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25032 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25037 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25038 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25035 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20372 | medium | — | 5.5 | 6y ago | RHSA-2020:5495: nginx:1.16 security update (Moderate) | |||
| CVE-2019-19481 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14889 | medium | — | 5.5 | 6y ago | RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15892 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests… | |||
| CVE-2019-10179 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10146 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16680 | medium | — | 5.5 | 6y ago | RHSA-2020:4820: file-roller security update (Moderate) | |||
| CVE-2019-9278 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18928 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-20792 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20387 | medium | — | 5.5 | 6y ago | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | |||
| CVE-2019-20218 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2019-17185 | medium | — | 5.5 | 6y ago | RHSA-2020:4799: freeradius:3.0 security and bug fix update (Moderate) | |||
| CVE-2019-15166 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19783 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-7576 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7574 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7575 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7573 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7572 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-12420 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2019-19479 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15946 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13627 | medium | — | 5.5 | 6y ago | RHSA-2020:4482: libgcrypt security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15945 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20388 | medium | — | 5.5 | 6y ago | RHSA-2020:4479: libxml2 security update (Moderate) |