CVEs from 2019
Total
3,164
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18928 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-19783 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-5018 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2019-20812 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a cer… | |||
| CVE-2019-20218 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2019-20387 | medium | — | 5.5 | 6y ago | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | |||
| CVE-2019-19479 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19481 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20792 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-7578 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7577 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7576 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7574 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7575 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7573 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7572 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-12420 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2019-14889 | medium | — | 5.5 | 6y ago | RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15945 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13627 | medium | — | 5.5 | 6y ago | RHSA-2020:4482: libgcrypt security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15946 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13225 | medium | — | 5.5 | 6y ago | RHSA-2020:4827: oniguruma security update (Moderate) | |||
| CVE-2019-0197 | medium | — | 5.5 | 6y ago | A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2… | |||
| CVE-2019-10081 | medium | — | 5.5 | 6y ago | HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copi… | |||
| CVE-2019-0196 | medium | — | 5.5 | 6y ago | A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining th… | |||
| CVE-2019-10082 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. | |||
| CVE-2019-10097 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buf… | |||
| CVE-2019-18860 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18676 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12520 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12524 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12521 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12523 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12526 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12528 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12529 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12854 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18677 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18679 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18678 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20446 | medium | — | 5.5 | 6y ago | RHSA-2020:4709: librsvg2 security update (Moderate) | |||
| CVE-2019-3833 | medium | — | 5.5 | 6y ago | RHSA-2020:4689: openwsman security update (Moderate) | |||
| CVE-2019-20485 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15890 | medium | — | 5.5 | 6y ago | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | |||
| CVE-2019-20907 | medium | — | 5.5 | 6y ago | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | |||
| CVE-2019-17546 | medium | — | 5.5 | 6y ago | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, rela… | |||
| CVE-2019-2126 | medium | — | 5.5 | 6y ago | RHSA-2020:4629: libvpx security update (Moderate) | |||
| CVE-2019-9232 | medium | — | 5.5 | 6y ago | RHSA-2020:4629: libvpx security update (Moderate) | |||
| CVE-2019-9371 | medium | — | 5.5 | 6y ago | RHSA-2020:4629: libvpx security update (Moderate) | |||
| CVE-2019-9433 | medium | — | 5.5 | 6y ago | RHSA-2020:4629: libvpx security update (Moderate) | |||
| CVE-2019-20454 | medium | — | 5.5 | 6y ago | RHSA-2020:4539: pcre2 security and enhancement update (Moderate) | |||
| CVE-2019-19906 | medium | — | 5.5 | 6y ago | RHSA-2020:4497: cyrus-sasl security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13050 | medium | — | 5.5 | 6y ago | RHSA-2020:4490: gnupg2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-8816 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCl… | |||
| CVE-2019-8625 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafte… | |||
| CVE-2019-8771 | medium | — | 5.5 | 6y ago | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. | |||
| CVE-2019-8769 | medium | — | 5.5 | 6y ago | An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafte… | |||
| CVE-2019-8844 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTun… | |||
| CVE-2019-8766 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arb… | |||
| CVE-2019-8846 | medium | — | 5.5 | 6y ago | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, i… | |||
| CVE-2019-8811 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCl… | |||
| CVE-2019-8783 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8782 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8814 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8813 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing … | |||
| CVE-2019-8710 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code e… | |||
| CVE-2019-8812 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Pro… | |||
| CVE-2019-8808 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Pro… | |||
| CVE-2019-8823 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8835 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for … | |||
| CVE-2019-8764 | medium | — | 5.5 | 6y ago | A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. | |||
| CVE-2019-8819 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8743 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2019-8815 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-18609 | medium | — | 5.5 | 6y ago | RHSA-2020:4445: librabbitmq security update (Moderate) | |||
| CVE-2019-19221 | medium | — | 5.5 | 6y ago | RHSA-2020:4443: libarchive security update (Moderate) | |||
| CVE-2019-18808 | medium | — | 5.5 | 6y ago | A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429… | |||
| CVE-2019-9458 | medium | — | 5.5 | 6y ago | In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User inte… | |||
| CVE-2019-9455 | medium | — | 5.5 | 6y ago | In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User inte… | |||
| CVE-2019-20054 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. | |||
| CVE-2019-19770 | medium | — | 5.5 | 6y ago | In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created … | |||
| CVE-2019-19767 | medium | — | 5.5 | 6y ago | The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext… | |||
| CVE-2019-19537 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/… | |||
| CVE-2019-19533 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | |||
| CVE-2019-19602 | medium | — | 5.5 | 6y ago | fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or … | |||
| CVE-2019-19524 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | |||
| CVE-2019-19447 | medium | — | 5.5 | 6y ago | In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orp… | |||
| CVE-2019-19319 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/x… | |||
| CVE-2019-19072 | medium | — | 5.5 | 6y ago | A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96… | |||
| CVE-2019-19068 | medium | — | 5.5 | 6y ago | A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memo… | |||
| CVE-2019-19062 | medium | — | 5.5 | 6y ago | A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_r… | |||
| CVE-2019-19056 | medium | — | 5.5 | 6y ago | A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory c… | |||
| CVE-2019-19046 | medium | — | 5.5 | 6y ago | A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by tri… | |||
| CVE-2019-18809 | medium | — | 5.5 | 6y ago | A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka C… | |||
| CVE-2019-20636 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | |||
| CVE-2019-19332 | medium | — | 5.5 | 6y ago | An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get … | |||
| CVE-2019-19543 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | |||
| CVE-2019-19063 | medium | — | 5.5 | 6y ago | Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), ak… | |||
| CVE-2019-16231 | medium | — | 5.5 | 6y ago | drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | |||
| CVE-2019-15917 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. |