CVEs from 2019
Total
3,165
critical
critical 231
high
high 484
medium
medium 483
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-2687 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2625 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2626 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2879 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2592 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2507 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2695 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2636 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2494 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2486 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2797 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2530 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2785 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2529 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2780 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2528 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-10216 | high | — | 8.0 | 7y ago | RHSA-2019:2465: ghostscript security update (Important) | |||
| CVE-2019-10193 | high | — | 8.0 | 7y ago | RHSA-2019:2002: redis:5 security update (Important) | |||
| CVE-2019-10192 | high | — | 8.0 | 7y ago | RHSA-2019:2002: redis:5 security update (Important) | |||
| CVE-2019-10181 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-10182 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-10185 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-11811 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_… | |||
| CVE-2019-11085 | high | — | 8.0 | 7y ago | Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local acce… | |||
| CVE-2019-11810 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_bas… | |||
| CVE-2019-2769 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2816 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2786 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2762 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-11356 | high | — | 8.0 | 7y ago | RHSA-2019:1771: cyrus-imapd security update (Important) | |||
| CVE-2019-6471 | high | — | 8.0 | 7y ago | RHSA-2019:1714: bind security update (Important) | |||
| CVE-2019-12384 | high | — | 8.0 | 7y ago | RHSA-2019:2720: pki-deps:10.6 security update (Important) | |||
| CVE-2019-12781 | high | — | 8.0 | 7y ago | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set… | |||
| CVE-2019-10167 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10166 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10168 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10161 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-11479 | high | — | 8.0 | 7y ago | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. … | |||
| CVE-2019-11478 | high | — | 8.0 | 7y ago | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences… | |||
| CVE-2019-11477 | high | — | 8.0 | 7y ago | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker c… | |||
| CVE-2019-3885 | high | — | 8.0 | 7y ago | RHSA-2019:1279: pacemaker security and bug fix update (Important) | |||
| CVE-2019-10132 | high | — | 8.0 | 7y ago | RHSA-2019:1268: virt:rhel security update (Important) | |||
| CVE-2019-0757 | high | — | 8.0 | 7y ago | RHSA-2019:1259: dotnet security, bug fix, and enhancement update (Important) | |||
| CVE-2019-3856 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-3863 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-9003 | high | — | 8.0 | 7y ago | In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by … | |||
| CVE-2019-3855 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-3857 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-5785 | high | — | 8.0 | 7y ago | Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||
| CVE-2019-10063 | high | — | 8.0 | 7y ago | RHSA-2019:1143: flatpak security update (Important) | |||
| CVE-2019-11235 | high | — | 8.0 | 7y ago | RHSA-2019:1142: freeradius:3.0 security update (Important) | |||
| CVE-2019-11234 | high | — | 8.0 | 7y ago | RHSA-2019:1142: freeradius:3.0 security update (Important) | |||
| CVE-2019-9636 | high | — | 8.0 | 7y ago | RHSA-2019:0997: python3 security update (Important) | |||
| CVE-2019-5953 | high | — | 8.0 | 7y ago | RHSA-2019:0983: wget security update (Important) | |||
| CVE-2019-3878 | high | — | 8.0 | 7y ago | RHSA-2019:0985: mod_auth_mellon security update (Important) | |||
| CVE-2019-0215 | high | — | 8.0 | 7y ago | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restri… | |||
| CVE-2019-3838 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3835 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3839 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3816 | high | — | 8.0 | 7y ago | RHSA-2019:0972: openwsman security update (Important) | |||
| CVE-2019-10906 | high | — | 8.0 | 7y ago | RHSA-2019:1152: python-jinja2 security update (Important) | |||
| CVE-2019-8324 | high | — | 8.0 | 7y ago | RHSA-2019:1972: ruby:2.5 security update (Important) | |||
| CVE-2019-25634 | high | 7.8 | 7.8 | 2mo ago | Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers… | |||
| CVE-2019-19378 | high | 7.8 | 7.8 | 7y ago | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. | |||
| CVE-2019-10996 | high | 7.8 | 7.8 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input … | |||
| CVE-2019-10984 | high | 7.8 | 7.8 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input … | |||
| CVE-2019-10978 | high | 7.8 | 7.8 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input … | |||
| CVE-2019-13106 | high | 7.8 | 7.8 | 7y ago | Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | |||
| CVE-2019-13104 | high | 7.8 | 7.8 | 7y ago | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | |||
| CVE-2019-11687 | high | 7.8 | 7.8 | 7y ago | An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies w… | |||
| CVE-2019-25722 | high | 7.6 | 7.6 | 3d ago | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and r… | |||
| CVE-2019-18197 | high | 7.5 | 7.5 | 4y ago | RHSA-2020:4464: libxslt security update (Moderate) | |||
| CVE-2019-18336 | high | 7.5 | 7.5 | 6y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU55… | |||
| CVE-2019-6857 | high | 7.5 | 7.5 | 7y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) … | |||
| CVE-2019-6856 | high | 7.5 | 7.5 | 7y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) … | |||
| CVE-2019-6852 | high | 7.5 | 7.5 | 7y ago | A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication mo… | |||
| CVE-2019-6829 | high | 7.5 | 7.5 | 7y ago | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service… | |||
| CVE-2019-6819 | high | 7.5 | 7.5 | 7y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the produ… | |||
| CVE-2019-10953 | high | 7.5 | 7.5 | 7y ago | ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due … | |||
| CVE-2019-6575 | high | 7.5 | 7.5 | 7y ago | A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdo… | |||
| CVE-2019-6568 | high | 7.5 | 7.5 | 7y ago | The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the we… | |||
| CVE-2019-25737 | high | 7.2 | 7.2 | 21h ago | Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay… | |||
| CVE-2019-25731 | high | 7.2 | 7.2 | 21h ago | Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje… | |||
| CVE-2019-13103 | high | 7.1 | 7.1 | 7y ago | A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr… | |||
| CVE-2019-8720 | medium | — | 7.0 | 4y ago | WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution. | |||
| CVE-2019-6109 | medium | 6.8 | 6.8 | 7y ago | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the… | |||
| CVE-2019-8341 | medium | — | 6.5 | — | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then ret… | |||
| CVE-2019-25740 | medium | 6.5 | 6.5 | 21h ago | Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requ… | |||
| CVE-2019-25720 | medium | 6.5 | 6.5 | 2d ago | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot th… | |||
| CVE-2019-25724 | medium | 6.5 | 6.5 | 3d ago | Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinit… | |||
| CVE-2019-25721 | medium | 6.5 | 6.5 | 3d ago | Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigg… | |||
| CVE-2019-25716 | medium | 6.5 | 6.5 | 4d ago | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet… | |||
| CVE-2019-15794 | medium | — | 6.5 | 5y ago | Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the or… | |||
| CVE-2019-16168 | medium | 6.5 | 6.5 | 5y ago | RHSA-2021:1968: mingw packages security and bug fix update (Moderate) | |||
| CVE-2019-3842 | medium | — | 6.5 | 5y ago | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular config… | |||
| CVE-2019-10098 | medium | — | 6.5 | 6y ago | In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL wi… | |||
| CVE-2019-10092 | medium | — | 6.5 | 6y ago | In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instea… | |||
| CVE-2019-6977 | medium | — | 6.5 | 6y ago | RHSA-2020:4659: gd security update (Moderate) | |||
| CVE-2019-8820 | medium | — | 6.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCl… | |||
| CVE-2019-3843 | medium | — | 6.5 | 6y ago | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminate… |