CVEs from 2019
- Total: 3,161
- Critical: 238
- High: 484
- Medium: 485
- Low: 95
- % Critical: 7.5%
- % with KEV: 3.7%
- % with exploit: 8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10783 | unknown | — | — | 5y ago | OS Command Injection in lsof | |||
| CVE-2019-10786 | unknown | — | — | 5y ago | Improper Input Validation in network-manager | |||
| CVE-2019-10788 | unknown | — | — | 5y ago | OS Command Injection in im-metadata | |||
| CVE-2019-10787 | unknown | — | — | 5y ago | OS Command Injection in im-resize | |||
| CVE-2019-0924 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0922 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0916 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0923 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0917 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0913 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0915 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0914 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0911 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0912 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1106 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1103 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1092 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1062 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0992 | unknown | — | — | 5y ago | Chakra Scripting Engine Out-of-bounds write | |||
| CVE-2019-1003 | unknown | — | — | 5y ago | Chakra Scripting Engine Out-of-bounds write | |||
| CVE-2019-0989 | unknown | — | — | 5y ago | Chakra Scripting Engine Memory Corruption Vulnerability | |||
| CVE-2019-0937 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0933 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-0927 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1196 | unknown | — | — | 5y ago | Out-of-bounds write in ChakraCore | |||
| CVE-2019-1195 | unknown | — | — | 5y ago | Out-of-bounds write in Microsoft.ChakraCore | |||
| CVE-2019-1141 | unknown | — | — | 5y ago | Out-of-bounds write in Microsoft.ChakraCore | |||
| CVE-2019-1139 | unknown | — | — | 5y ago | Out-of-bounds write in Microsoft.ChakraCore | |||
| CVE-2019-0993 | unknown | — | — | 5y ago | Chakra Scripting Engine Out-of-bounds write | |||
| CVE-2019-1140 | unknown | — | — | 5y ago | Out-of-bounds write in Microsoft.ChakraCore | |||
| CVE-2019-1131 | unknown | — | — | 5y ago | Out-of-bounds write in Microsoft.ChakraCore | |||
| CVE-2019-0991 | unknown | — | — | 5y ago | Chakra Scripting Engine Out-of-bounds write | |||
| CVE-2019-0925 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1107 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1197 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1138 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1217 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1237 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1298 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1300 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1308 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1307 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1335 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-1366 | unknown | — | — | 5y ago | Out-of-bounds write | |||
| CVE-2019-15151 | unknown | — | — | 5y ago | Double Free in Adplug | |||
| CVE-2019-25025 | unknown | — | — | 5y ago | Activerecord-session_store Vulnerable to Timing Attack | |||
| CVE-2019-10775 | unknown | — | — | 6y ago | Denial of Service in ecstatic | |||
| CVE-2019-0219 | unknown | — | — | 6y ago | Privilege Escalation in cordova-plugin-inappbrowser | |||
| CVE-2019-19723 | unknown | — | — | 6y ago | Improper Authorization in passport-cognito | |||
| CVE-2019-15599 | unknown | — | — | 6y ago | Command Injection in tree-kill | |||
| CVE-2019-10765 | unknown | — | — | 6y ago | Arbitrary File Write in iobroker.admin | |||
| CVE-2019-16728 | unknown | — | — | 6y ago | Cross-Site Scripting in dompurify | |||
| CVE-2019-17638 | unknown | — | — | 6y ago | Operation on a Resource after Expiration or Release in Jetty Server | |||
| CVE-2019-14273 | unknown | — | — | 6y ago | Broken access control on files | |||
| CVE-2019-13990 | unknown | — | — | 6y ago | XML external entity injection in Terracotta Quartz Scheduler | |||
| CVE-2019-17572 | unknown | — | — | 6y ago | Directory traversal in Apache RocketMQ | |||
| CVE-2019-2692 | unknown | — | — | 6y ago | Privilege escalation in mysql-connector-jav | |||
| CVE-2019-16303 | unknown | — | — | 6y ago | JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0 | |||
| CVE-2019-17267 | unknown | — | — | 6y ago | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. | |||
| CVE-2019-10781 | unknown | — | — | 6y ago | Validation Bypass in schema-inspector | |||
| CVE-2019-17570 | unknown | — | — | 6y ago | Insecure Deserialization in Apache XML-RPC | |||
| CVE-2019-17573 | unknown | — | — | 6y ago | Reflected Cross-Site Scripting in Apache CXF | |||
| CVE-2019-10682 | unknown | — | — | 6y ago | django-nopassword before 5.0.0 stores cleartext secrets in the database. | |||
| CVE-2019-12423 | unknown | — | — | 6y ago | Private key leak in Apache CXF | |||
| CVE-2019-14893 | unknown | — | — | 6y ago | A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when u… | |||
| CVE-2019-14892 | unknown | — | — | 6y ago | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 … | |||
| CVE-2019-12399 | unknown | — | — | 6y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka | |||
| CVE-2019-1010091 | unknown | — | — | 6y ago | XSS in TinyMCE | |||
| CVE-2019-12398 | unknown | — | — | 6y ago | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain … | |||
| CVE-2019-1000007 | unknown | — | — | 6y ago | aioxmpp version 0.10.2 and earlier contains an Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can resu… | |||
| CVE-2019-14820 | unknown | — | — | 6y ago | Exposure of Sensitive Information to an Unauthorized Actor in Keycloak | |||
| CVE-2019-12186 | unknown | — | — | 6y ago | XSS injection in the Grid component of Sylius | |||
| CVE-2019-10778 | unknown | — | — | 6y ago | OS Command Injection in devcert-sanscache | |||
| CVE-2019-19911 | unknown | — | — | 6y ago | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit … | |||
| CVE-2019-15603 | unknown | — | — | 6y ago | Cross-Site Scripting in seeftl | |||
| CVE-2019-15602 | unknown | — | — | 6y ago | Cross-Site Scripting in fileview | |||
| CVE-2019-14859 | unknown | — | — | 6y ago | A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted… | |||
| CVE-2019-14862 | unknown | — | — | 6y ago | There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynami… | |||
| CVE-2019-15600 | unknown | — | — | 6y ago | Cross-Site Scripting in http_server | |||
| CVE-2019-15596 | unknown | — | — | 6y ago | Path Traversal in statics-server | |||
| CVE-2019-20149 | unknown | — | — | 6y ago | ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafte… | |||
| CVE-2019-19135 | unknown | — | — | 6y ago | Insufficient Nonce Validation in Eclipse Milo Client | |||
| CVE-2019-10138 | unknown | — | — | 6y ago | A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone auth… | |||
| CVE-2019-17569 | unknown | — | — | 6y ago | The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were … | |||
| CVE-2019-19634 | unknown | — | — | 6y ago | class.upload.php in verot.net omits .pht from the set of dangerous file extensions | |||
| CVE-2019-10772 | unknown | — | — | 6y ago | Sanitizer bypass in svg-sanitizer | |||
| CVE-2019-12413 | unknown | — | — | 6y ago | In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. | |||
| CVE-2019-12414 | unknown | — | — | 6y ago | In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab | |||
| CVE-2019-14864 | unknown | — | — | 6y ago | Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used… | |||
| CVE-2019-19325 | unknown | — | — | 6y ago | Reflected XSS in SilverStripe | |||
| CVE-2019-20444 | unknown | — | — | 6y ago | HTTP Request Smuggling in Netty | |||
| CVE-2019-20445 | unknown | — | — | 6y ago | HTTP Request Smuggling in Netty | |||
| CVE-2019-10790 | unknown | — | — | 6y ago | TaffyDB can allow access to any data items in the DB | |||
| CVE-2019-10773 | unknown | — | — | 6y ago | In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten… | |||
| CVE-2019-10777 | unknown | — | — | 6y ago | OS command injection in aws-lambda | |||
| CVE-2019-10776 | unknown | — | — | 6y ago | OS command injection in git-diff-apply | |||
| CVE-2019-15597 | unknown | — | — | 6y ago | Command Injection in node-df | |||
| CVE-2019-14863 | unknown | — | — | 6y ago | AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes | |||
| CVE-2019-10780 | unknown | — | — | 6y ago | BibTeX-Ruby vulnerable to OS command injection | |||
| CVE-2019-10785 | unknown | — | — | 6y ago | XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode |