CVEs from 2019

| Metric | Value |
|---|---|
| Total | 3,162 |
| critical | 238 |
| high | 484 |
| medium | 485 |
| low | 95 |
| % Critical | 7.5% |
| % with KEV | 3.7% |
| % with exploit | 8.0% |
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16764 | unknown | — | — | | | | 4y ago | Denial of service |
| CVE-2019-9942 | unknown | — | — | | | | 4y ago | Twig Sandbox Information Disclosure |
| CVE-2019-18887 | unknown | — | — | | | | 4y ago | An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/h… |
| CVE-2019-10905 | unknown | — | — | | | | 4y ago | Parsedown Class-Name Injection |
| CVE-2019-11228 | unknown | — | — | | | | 4y ago | Gitea Improper Input Validation in github.com/go-gitea/gitea |
| CVE-2019-14802 | unknown | — | — | | | | 4y ago | Hashicorp Nomad Information Exposure Through Environmental Variables in github.com/hashicorp/nomad |
| CVE-2019-16097 | unknown | — | — | | | | 4y ago | Missing Authorization in Harbor in github.com/goharbor/harbor |
| CVE-2019-12243 | unknown | — | — | | | | 4y ago | Istio may not check inbound TCP connections against istio-policy |
| CVE-2019-11244 | unknown | — | — | | | | 4y ago | In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). I… |
| CVE-2019-3792 | unknown | — | — | | | | 4y ago | Pivotal Concourse SQL Injection Vulnerability |
| CVE-2019-1002101 | unknown | — | — | | | | 4y ago | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kub… |
| CVE-2019-3564 | unknown | — | — | | | | 4y ago | Denial of service via ignored unknown fields in github.com/facebook/fbthrift |
| CVE-2019-9039 | unknown | — | — | | | | 4y ago | SQL Injection in Couchbase Sync Gateway |
| CVE-2019-3902 | unknown | — | — | | | | 4y ago | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. |
| CVE-2019-19030 | unknown | — | — | | | | 4y ago | Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor |
| CVE-2019-10062 | unknown | — | — | | | | 4y ago | Cross-site Scripting in aurelia-framework |
| CVE-2019-19935 | unknown | — | — | | | | 4y ago | DOM-based cross-site scripting in Froala Editor |
| CVE-2019-2391 | unknown | — | — | | | | 4y ago | Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB In… |
| CVE-2019-14900 | unknown | — | — | | | | 4y ago | SQL Injection in Hibernate ORM |
| CVE-2019-12416 | unknown | — | — | | | | 4y ago | Injection in DeltaSpike |
| CVE-2019-10091 | unknown | — | — | | | | 4y ago | Apache Geode SSL endpoint verification vulnerability |
| CVE-2019-11343 | unknown | — | — | | | | 4y ago | Vulnerability in Torpedo Query |
| CVE-2019-20922 | unknown | — | — | | | | 4y ago | Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow… |
| CVE-2019-20920 | unknown | — | — | | | | 4y ago | Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arb… |
| CVE-2019-20903 | unknown | — | — | | | | 4y ago | Cross-site scripting in @atlaskit/editor-core |
| CVE-2019-17640 | unknown | — | — | | | | 4y ago | Path Traversal in Eclipse Vert.x |
| CVE-2019-15609 | unknown | — | — | | | | 4y ago | OS Command Injection and Command Injection in kill-port-process |
| CVE-2019-10803 | unknown | — | — | | | | 4y ago | push-dir Enables OS Command Injection |
| CVE-2019-15608 | unknown | — | — | | | | 4y ago | The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. Th… |
| CVE-2019-10797 | unknown | — | — | | | | 4y ago | HTTP Response Splitting in WSO2 transport-http |
| CVE-2019-10795 | unknown | — | — | | | | 4y ago | Prototype Pollution in undefsafe |
| CVE-2019-10793 | unknown | — | — | | | | 4y ago | Prototype Pollution in dot-object |
| CVE-2019-17566 | unknown | — | — | | | | 4y ago | Server-side request forgery (SSRF) in Apache Batik |
| CVE-2019-10196 | unknown | — | — | | | | 5y ago | Resource Exhaustion Denial of Service in http-proxy-agent |
| CVE-2019-17557 | unknown | — | — | | | | 5y ago | Cross-site scripting in Apache Syncope EndUser |
| CVE-2019-11328 | unknown | — | — | | | | 5y ago | Incorrect Permission Assignment for Critical Resource in Singularity |
| CVE-2019-11254 | unknown | — | — | | | | 5y ago | The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to c… |
| CVE-2019-10170 | unknown | — | — | | | | 5y ago | Privilege Defined With Unsafe Actions in Keycloak |
| CVE-2019-5064 | unknown | — | — | | | | 5y ago | Out-of-bounds Write in OpenCV |
| CVE-2019-5063 | unknown | — | — | | | | 5y ago | Out-of-bounds Write in OpenCV |
| CVE-2019-19624 | unknown | — | — | | | | 5y ago | Out-of-bounds Read in OpenCV |
| CVE-2019-9423 | unknown | — | — | | | | 5y ago | Out-of-bounds Write in OpenCV |
| CVE-2019-16249 | unknown | — | — | | | | 5y ago | Out-of-bounds Read in OpenCV |
| CVE-2019-15939 | unknown | — | — | | | | 5y ago | Divide By Zero in OpenCV |
| CVE-2019-14493 | unknown | — | — | | | | 5y ago | An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. |
| CVE-2019-14492 | unknown | — | — | | | | 5y ago | Out-of-bounds Read and Out-of-bounds Write in OpenCV |
| CVE-2019-14491 | unknown | — | — | | | | 5y ago | Out-of-bounds Read in OpenCV |
| CVE-2019-10061 | unknown | — | — | | | | 5y ago | utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary comman… |
| CVE-2019-18413 | unknown | — | — | | | | 5y ago | SQL Injection and Cross-site Scripting in class-validator |
| CVE-2019-10762 | unknown | — | — | | | | 5y ago | SQL Injection in medoo |
| CVE-2019-10217 | unknown | — | — | | | | 5y ago | A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_conte… |
| CVE-2019-20455 | unknown | — | — | | | | 5y ago | Improper Certificate Validation in Heartland & Global Payments PHP SDK |
| CVE-2019-5444 | unknown | — | — | | | | 5y ago | Path Traversal in serve-here.js |
| CVE-2019-14671 | unknown | — | — | | | | 5y ago | Improper Input Validation in Firefly III |
| CVE-2019-10095 | unknown | — | — | | | | 5y ago | Bash command injection in Apache Zeppelin |
| CVE-2019-20894 | unknown | — | — | | | | 5y ago | Improper Authentication in github.com/containous/traefik |
| CVE-2019-16354 | unknown | — | — | | | | 5y ago | Incorrect permissions for critical resource in github.com/astaxie/beego |
| CVE-2019-16355 | unknown | — | — | | | | 5y ago | Incorrect permissions for critical resource in github.com/astaxie/beego |
| CVE-2019-25050 | unknown | — | — | | | | 5y ago | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and… |
| CVE-2019-20786 | unknown | — | — | | | | 5y ago | Improper authentication in github.com/pion/dtls |
| CVE-2019-7725 | unknown | — | — | | | | 5y ago | Deserialization of Untrusted Data in NukeViet |
| CVE-2019-7726 | unknown | — | — | | | | 5y ago | SQL Injection in NukeViet |
| CVE-2019-20789 | unknown | — | — | | | | 5y ago | Cross-site scripting in Croogo |
| CVE-2019-19794 | unknown | — | — | | | | 5y ago | The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to res… |
| CVE-2019-19025 | unknown | — | — | | | | 5y ago | Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor |
| CVE-2019-19026 | unknown | — | — | | | | 5y ago | SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor |
| CVE-2019-19029 | unknown | — | — | | | | 5y ago | SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor |
| CVE-2019-19023 | unknown | — | — | | | | 5y ago | Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor |
| CVE-2019-20933 | unknown | — | — | | | | 5y ago | InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). |
| CVE-2019-19316 | unknown | — | — | | | | 5y ago | Use of a Broken or Risky Cryptographic Algorithm in Terraform in github.com/hashicorp/terraform |
| CVE-2019-13126 | unknown | — | — | | | | 5y ago | An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authe… |
| CVE-2019-14544 | unknown | — | — | | | | 5y ago | Insecure Permissions in Gogs in gogs.io/gogs |
| CVE-2019-13209 | unknown | — | — | | | | 5y ago | Cross-site request forgery in github.com/rancher/rancher |
| CVE-2019-12405 | unknown | — | — | | | | 5y ago | Improper Authentication in Apache Traffic Control |
| CVE-2019-10223 | unknown | — | — | | | | 5y ago | Exposure of sensitive information in k8s.io/kube-state-metrics |
| CVE-2019-17110 | unknown | — | — | | | | 5y ago | Exposure of sensitive information in k8s.io/kube-state-metrics |
| CVE-2019-11253 | unknown | — | — | | | | 5y ago | Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON paylo… |
| CVE-2019-0210 | unknown | — | — | | | | 5y ago | In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed invalid input data. |
| CVE-2019-10743 | unknown | — | — | | | | 5y ago | Path Traversal in MHolt Archiver |
| CVE-2019-11289 | unknown | — | — | | | | 5y ago | Panic in decryption in code.cloudfoundry.org/gorouter |
| CVE-2019-19619 | unknown | — | — | | | | 5y ago | Cross-site scripting in github.com/documize/community |
| CVE-2019-12999 | unknown | — | — | | | | 5y ago | Improper Access Control in Lightning Network Daemon in github.com/lightningnetwork/lnd |
| CVE-2019-11251 | unknown | — | — | | | | 5y ago | The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place… |
| CVE-2019-20921 | unknown | — | — | | | | 5y ago | Cross-site scripting in bootstrap-select |
| CVE-2019-10806 | unknown | — | — | | | | 5y ago | Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util |
| CVE-2019-10808 | unknown | — | — | | | | 5y ago | Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify |
| CVE-2019-14905 | unknown | — | — | | | | 5y ago | A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a f… |
| CVE-2019-14904 | unknown | — | — | | | | 5y ago | A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' b… |
| CVE-2019-25027 | unknown | — | — | | | | 5y ago | Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 |
| CVE-2019-25028 | unknown | — | — | | | | 5y ago | Stored cross-site scripting in Grid component in Vaadin 7 and 8 |
| CVE-2019-10789 | unknown | — | — | | | | 5y ago | OS Command Injection in curling |
| CVE-2019-10792 | unknown | — | — | | | | 5y ago | Injection in bodymen |
| CVE-2019-10796 | unknown | — | — | | | | 5y ago | OS Command Injection in rpi |
| CVE-2019-10798 | unknown | — | — | | | | 5y ago | Uncontrolled Resource Consumption in rdf-graph-array |
| CVE-2019-10799 | unknown | — | — | | | | 5y ago | OS Command Injection in compile-sass |
| CVE-2019-10801 | unknown | — | — | | | | 5y ago | OS Command Injection in enpeem |
| CVE-2019-10804 | unknown | — | — | | | | 5y ago | OS Command Injection in serial-number |
| CVE-2019-10802 | unknown | — | — | | | | 5y ago | OS Command Injection in giting |
| CVE-2019-10805 | unknown | — | — | | | | 5y ago | Exposure of Resource to Wrong Sphere in valib |
| CVE-2019-17636 | unknown | — | — | | | | 5y ago | Insufficient Verification of Data Authenticity in Eclipse Theia |