CVEs from 2019
- Total 3,175
- critical 231
- high 484
- medium 483
- low 94
- % Critical 7.3%
- % with KEV 3.7%
- % with exploit 7.9%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-3822 | medium | — | 5.5 | 7y ago | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_mess… | |||
| CVE-2019-12749 | medium | — | 5.5 | 7y ago | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofi… | |||
| CVE-2019-0220 | medium | — | 5.5 | 7y ago | A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule… | |||
| CVE-2019-15718 | medium | — | 5.5 | 7y ago | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access… | |||
| CVE-2019-3814 | medium | — | 5.5 | 7y ago | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could … | |||
| CVE-2019-3823 | medium | — | 5.5 | 7y ago | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL termi… | |||
| CVE-2019-16942 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-2999 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2992 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2989 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2962 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2945 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2978 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2988 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2983 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2981 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2975 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2973 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2964 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-16335 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14540 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-1301 | medium | — | 5.5 | 7y ago | RHSA-2019:2731: .NET Core on Red Hat Enterprise Linux security and bug fix update (Moderate) | |||
| CVE-2019-12293 | medium | — | 5.5 | 7y ago | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. | |||
| CVE-2019-9959 | medium | — | 5.5 | 7y ago | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory ch… | |||
| CVE-2019-9903 | medium | — | 5.5 | 7y ago | PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passin… | |||
| CVE-2019-10871 | medium | — | 5.5 | 7y ago | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | |||
| CVE-2019-9631 | medium | — | 5.5 | 7y ago | Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. | |||
| CVE-2019-9200 | medium | — | 5.5 | 7y ago | A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It al… | |||
| CVE-2019-7310 | medium | — | 5.5 | 7y ago | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash… | |||
| CVE-2019-6978 | medium | — | 5.5 | 7y ago | RHSA-2020:4659: gd security update (Moderate) | |||
| CVE-2019-11733 | medium | — | 5.5 | 7y ago | When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the… | |||
| CVE-2019-10747 | medium | — | 5.5 | 7y ago | RHSA-2021:0549: nodejs:12 security update (Moderate) | |||
| CVE-2019-10746 | medium | — | 5.5 | 7y ago | RHSA-2021:0549: nodejs:12 security update (Moderate) | |||
| CVE-2019-14234 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.… | |||
| CVE-2019-2537 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2805 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2740 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2739 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2737 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2758 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2628 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2627 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2614 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-14233 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremel… | |||
| CVE-2019-14235 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage… | |||
| CVE-2019-14232 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, … | |||
| CVE-2019-17007 | medium | — | 5.5 | 7y ago | In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | |||
| CVE-2019-0816 | medium | — | 5.5 | 7y ago | RHBA-2019:1992: cloud-init bug fix and enhancement update (Moderate) | |||
| CVE-2019-2842 | medium | — | 5.5 | 7y ago | RHSA-2019:1816: java-1.8.0-openjdk security update (Moderate) | |||
| CVE-2019-2821 | medium | — | 5.5 | 7y ago | RHSA-2019:1817: java-11-openjdk security update (Moderate) | |||
| CVE-2019-2818 | medium | — | 5.5 | 7y ago | RHSA-2019:1817: java-11-openjdk security update (Moderate) | |||
| CVE-2019-2745 | medium | — | 5.5 | 7y ago | RHSA-2019:1817: java-11-openjdk security update (Moderate) | |||
| CVE-2019-12814 | medium | — | 5.5 | 7y ago | RHBA-2019:3416: pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update (Moderate) | |||
| CVE-2019-13114 | medium | — | 5.5 | 7y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-3827 | medium | — | 5.5 | 7y ago | An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for password when no authe… | |||
| CVE-2019-0804 | medium | — | 5.5 | 7y ago | RHSA-2019:1527: WALinuxAgent security update (Moderate) | |||
| CVE-2019-9741 | medium | — | 5.5 | 7y ago | RHSA-2019:1519: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-12308 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without… | |||
| CVE-2019-12086 | medium | — | 5.5 | 7y ago | RHBA-2019:3416: pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update (Moderate) | |||
| CVE-2019-2684 | medium | — | 5.5 | 7y ago | RHSA-2019:1518: java-11-openjdk security update (Moderate) | |||
| CVE-2019-2602 | medium | — | 5.5 | 7y ago | RHSA-2019:1518: java-11-openjdk security update (Moderate) | |||
| CVE-2019-6454 | medium | — | 5.5 | 7y ago | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming … | |||
| CVE-2019-11324 | medium | — | 5.5 | 7y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2019-7164 | medium | — | 5.5 | 7y ago | RHSA-2019:0984: python36:3.6 security update (Moderate) | |||
| CVE-2019-7548 | medium | — | 5.5 | 7y ago | RHSA-2019:0984: python36:3.6 security update (Moderate) | |||
| CVE-2019-8323 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8322 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8321 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8320 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8325 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8331 | medium | — | 5.5 | 7y ago | Bootstrap Vulnerable to Cross-Site Scripting | |||
| CVE-2019-6975 | medium | — | 5.5 | 7y ago | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() func… | |||
| CVE-2019-3498 | medium | — | 5.5 | 8y ago | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defa… | |||
| CVE-2019-3881 | medium | — | 5.5 | 8y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13118 | medium | 5.3 | 5.3 | 4y ago | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … | |||
| CVE-2019-13117 | medium | 5.3 | 5.3 | 7y ago | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… | |||
| CVE-2019-7317 | medium | 5.3 | 5.3 | 7y ago | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |||
| CVE-2019-16230 | medium | 4.7 | 4.7 | 7y ago | drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer stat… | |||
| CVE-2019-14360 | medium | 4.6 | 4.6 | 7y ago | On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allow… | |||
| CVE-2019-15213 | medium | 4.6 | 4.6 | 7y ago | An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. | |||
| CVE-2019-25717 | medium | 4.3 | 4.3 | 3d ago | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection… | |||
| CVE-2019-25734 | medium | 4.0 | 4.0 | 13h ago | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanit… | |||
| CVE-2019-25723 | medium | 4.0 | 4.0 | 2d ago | Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted n… |