CVEs from 2019
- Total: 3,156
- Critical: 227
- High: 474
- Medium: 476
- Low: 94
- % Critical: 7.2%
- % with KEV: 3.7%
- % with exploit: 8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-3880 | medium | — | 5.5 | 7y ago | RHSA-2019:3582: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16942 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-2999 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2945 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2964 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2962 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2973 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2978 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2983 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2992 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2981 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2975 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2989 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2988 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-16335 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14540 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-1301 | medium | — | 5.5 | 7y ago | RHSA-2019:2731: .NET Core on Red Hat Enterprise Linux security and bug fix update (Moderate) | |||
| CVE-2019-9959 | medium | — | 5.5 | 7y ago | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory ch… | |||
| CVE-2019-9903 | medium | — | 5.5 | 7y ago | PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passin… | |||
| CVE-2019-9631 | medium | — | 5.5 | 7y ago | Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. | |||
| CVE-2019-9200 | medium | — | 5.5 | 7y ago | A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It al… | |||
| CVE-2019-7310 | medium | — | 5.5 | 7y ago | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash… | |||
| CVE-2019-12293 | medium | — | 5.5 | 7y ago | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. | |||
| CVE-2019-10871 | medium | — | 5.5 | 7y ago | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | |||
| CVE-2019-6978 | medium | — | 5.5 | 7y ago | RHSA-2020:4659: gd security update (Moderate) | |||
| CVE-2019-11733 | medium | — | 5.5 | 7y ago | When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the… | |||
| CVE-2019-10747 | medium | — | 5.5 | 7y ago | RHSA-2021:0549: nodejs:12 security update (Moderate) | |||
| CVE-2019-10746 | medium | — | 5.5 | 7y ago | RHSA-2021:0549: nodejs:12 security update (Moderate) | |||
| CVE-2019-14234 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.… | |||
| CVE-2019-2627 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2737 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2628 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2758 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2739 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2740 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2537 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2614 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-2805 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-14233 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremel… | |||
| CVE-2019-14235 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage… | |||
| CVE-2019-14232 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, … | |||
| CVE-2019-17007 | medium | — | 5.5 | 7y ago | In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | |||
| CVE-2019-0816 | medium | — | 5.5 | 7y ago | RHBA-2019:1992: cloud-init bug fix and enhancement update (Moderate) | |||
| CVE-2019-2821 | medium | — | 5.5 | 7y ago | RHSA-2019:1817: java-11-openjdk security update (Moderate) | |||
| CVE-2019-2842 | medium | — | 5.5 | 7y ago | RHSA-2019:1816: java-1.8.0-openjdk security update (Moderate) | |||
| CVE-2019-2818 | medium | — | 5.5 | 7y ago | RHSA-2019:1817: java-11-openjdk security update (Moderate) | |||
| CVE-2019-2745 | medium | — | 5.5 | 7y ago | RHSA-2019:1817: java-11-openjdk security update (Moderate) | |||
| CVE-2019-12814 | medium | — | 5.5 | 7y ago | RHBA-2019:3416: pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update (Moderate) | |||
| CVE-2019-13114 | medium | — | 5.5 | 7y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-0804 | medium | — | 5.5 | 7y ago | RHSA-2019:1527: WALinuxAgent security update (Moderate) | |||
| CVE-2019-3827 | medium | — | 5.5 | 7y ago | An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for password when no authe… | |||
| CVE-2019-9741 | medium | — | 5.5 | 7y ago | RHSA-2019:1519: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-12308 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without… | |||
| CVE-2019-12086 | medium | — | 5.5 | 7y ago | RHBA-2019:3416: pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update (Moderate) | |||
| CVE-2019-2602 | medium | — | 5.5 | 7y ago | RHSA-2019:1518: java-11-openjdk security update (Moderate) | |||
| CVE-2019-2684 | medium | — | 5.5 | 7y ago | RHSA-2019:1518: java-11-openjdk security update (Moderate) | |||
| CVE-2019-6454 | medium | — | 5.5 | 7y ago | RHSA-2019:0990: systemd security and bug fix update (Moderate) | |||
| CVE-2019-11324 | medium | — | 5.5 | 7y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2019-7164 | medium | — | 5.5 | 7y ago | RHSA-2019:0984: python36:3.6 security update (Moderate) | |||
| CVE-2019-7548 | medium | — | 5.5 | 7y ago | RHSA-2019:0984: python36:3.6 security update (Moderate) | |||
| CVE-2019-8325 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8323 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8322 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8321 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8320 | medium | — | 5.5 | 7y ago | RHBA-2019:3384: ruby:2.5 bug fix and enhancement update (Moderate) | |||
| CVE-2019-8331 | medium | — | 5.5 | 7y ago | Bootstrap Vulnerable to Cross-Site Scripting | |||
| CVE-2019-6975 | medium | — | 5.5 | 7y ago | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() func… | |||
| CVE-2019-3498 | medium | — | 5.5 | 8y ago | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defa… | |||
| CVE-2019-3881 | medium | — | 5.5 | 8y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13118 | medium | 5.3 | 5.3 | 4y ago | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … | |||
| CVE-2019-13117 | medium | 5.3 | 5.3 | 7y ago | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… | |||
| CVE-2019-7317 | medium | 5.3 | 5.3 | 7y ago | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |||
| CVE-2019-16230 | medium | 4.7 | 4.7 | 7y ago | drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer stat… | |||
| CVE-2019-15213 | medium | 4.6 | 4.6 | 7y ago | An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. | |||
| CVE-2019-25717 | medium | 4.3 | 4.3 | 2d ago | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection… | |||
| CVE-2019-25723 | medium | 4.0 | 4.0 | 2d ago | Dräger Perseus A500 software versions 2.00 through 2.02 contain an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted n… | |||
| CVE-2019-9621 | unknown | — | 2.5 | 11mo ago | Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component. | |||
| CVE-2019-16278 | unknown | — | 2.5 | 2y ago | Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution. | |||
| CVE-2019-7256 | unknown | — | 2.5 | 2y ago | Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution. | |||
| CVE-2019-20500 | unknown | — | 2.5 | 3y ago | D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?act… | |||
| CVE-2019-17621 | unknown | — | 2.5 | 3y ago | D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by send… | |||
| CVE-2019-8605 | unknown | — | 2.5 | 4y ago | A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. | |||
| CVE-2019-7195 | unknown | — | 2.5 | 4y ago | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | |||
| CVE-2019-7194 | unknown | — | 2.5 | 4y ago | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | |||
| CVE-2019-7192 | unknown | — | 2.5 | 4y ago | QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. | |||
| CVE-2019-5825 | unknown | — | 2.5 | 4y ago | Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect m… | |||
| CVE-2019-3010 | unknown | — | 2.5 | 4y ago | Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2019-18426 | unknown | — | 2.5 | 4y ago | A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. | |||
| CVE-2019-7286 | unknown | — | 2.5 | 4y ago | Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. | |||
| CVE-2019-1003030 | unknown | — | 2.5 | 4y ago | Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution. | |||
| CVE-2019-1003029 | unknown | — | 2.5 | 4y ago | Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox. | |||
| CVE-2019-3929 | unknown | — | 2.5 | 4y ago | Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system comma… | |||
| CVE-2019-2616 | unknown | — | 2.5 | 4y ago | Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for au… | |||
| CVE-2019-12991 | unknown | — | 2.5 | 4y ago | Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. | |||
| CVE-2019-12989 | unknown | — | 2.5 | 4y ago | Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. | |||
| CVE-2019-15107 | unknown | — | 2.5 | 4y ago | An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability. | |||
| CVE-2019-10068 | unknown | — | 2.5 | 4y ago | Kentico contains a failure to validate security headers. This deserialization can lead to unauthenticated remote code execution. | |||
| CVE-2019-1322 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated conte… | |||
| CVE-2019-1405 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation. | |||
| CVE-2019-0841 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. |