CVEs from 2019
Total
3,164
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-19543 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | |||
| CVE-2019-16231 | medium | — | 5.5 | 6y ago | drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | |||
| CVE-2019-19533 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | |||
| CVE-2019-11041 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11042 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19246 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11040 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11048 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11045 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11047 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11039 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11050 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-17006 | medium | — | 5.5 | 6y ago | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the in… | |||
| CVE-2019-20908 | medium | — | 5.5 | 6y ago | An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or s… | |||
| CVE-2019-14857 | medium | — | 5.5 | 6y ago | RHSA-2020:3032: mod_auth_openidc:2.3 security and bug fix update (Moderate) | |||
| CVE-2019-20479 | medium | — | 5.5 | 6y ago | RHSA-2020:3032: mod_auth_openidc:2.3 security and bug fix update (Moderate) | |||
| CVE-2019-18281 | medium | — | 5.5 | 6y ago | RHSA-2020:1665: qt5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14822 | medium | — | 5.5 | 6y ago | RHSA-2020:1880: ibus and glib2 security and bug fix update (Moderate) | |||
| CVE-2019-13636 | medium | — | 5.5 | 6y ago | RHSA-2020:1852: patch security and bug fix update (Moderate) | |||
| CVE-2019-3825 | medium | — | 5.5 | 6y ago | RHSA-2020:1766: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12448 | medium | — | 5.5 | 6y ago | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. | |||
| CVE-2019-12449 | medium | — | 5.5 | 6y ago | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations fro… | |||
| CVE-2019-12447 | medium | — | 5.5 | 6y ago | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. | |||
| CVE-2019-11036 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11034 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11035 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9020 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9639 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9640 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9021 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9637 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9638 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9024 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9022 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9023 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16935 | medium | — | 5.5 | 6y ago | RHSA-2020:4433: python3 security and bug fix update (Moderate) | |||
| CVE-2019-16056 | medium | — | 5.5 | 6y ago | RHSA-2020:1764: python3 security and bug fix update (Moderate) | |||
| CVE-2019-13111 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13109 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13112 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9143 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20421 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13113 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14563 | medium | — | 5.5 | 6y ago | RHSA-2020:1712: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13038 | medium | — | 5.5 | 6y ago | RHSA-2020:1660: mod_auth_mellon security and bug fix update (Moderate) | |||
| CVE-2019-17042 | medium | — | 5.5 | 6y ago | RHSA-2020:1702: rsyslog security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9850 | medium | — | 5.5 | 6y ago | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice… | |||
| CVE-2019-14907 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15043 | medium | — | 5.5 | 6y ago | denial of service in grafana | |||
| CVE-2019-9849 | medium | — | 5.5 | 6y ago | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who w… | |||
| CVE-2019-11596 | medium | — | 5.5 | 6y ago | RHSA-2020:1576: memcached security update (Moderate) | |||
| CVE-2019-17041 | medium | — | 5.5 | 6y ago | RHSA-2020:1702: rsyslog security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19234 | medium | — | 5.5 | 6y ago | In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to… | |||
| CVE-2019-8457 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-10218 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19923 | medium | — | 5.5 | 6y ago | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inc… | |||
| CVE-2019-19924 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-19925 | medium | — | 5.5 | 6y ago | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | |||
| CVE-2019-19959 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-9853 | medium | — | 5.5 | 6y ago | LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw exis… | |||
| CVE-2019-15847 | medium | — | 5.5 | 6y ago | RHSA-2020:1864: gcc security and bug fix update (Moderate) | |||
| CVE-2019-9852 | medium | — | 5.5 | 6y ago | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to … | |||
| CVE-2019-9854 | medium | — | 5.5 | 6y ago | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to … | |||
| CVE-2019-19232 | medium | — | 5.5 | 6y ago | In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The so… | |||
| CVE-2019-10197 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-5188 | medium | — | 5.5 | 6y ago | RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19330 | medium | — | 5.5 | 6y ago | RHSA-2020:1725: haproxy security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6477 | medium | — | 5.5 | 6y ago | RHSA-2020:1845: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14818 | medium | — | 5.5 | 6y ago | RHSA-2020:1735: dpdk security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13753 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-5482 | medium | — | 5.5 | 6y ago | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | |||
| CVE-2019-1547 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-1563 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-13752 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-5094 | medium | — | 5.5 | 6y ago | RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-5436 | medium | — | 5.5 | 6y ago | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |||
| CVE-2019-1549 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-1010180 | medium | — | 5.5 | 6y ago | RHSA-2020:1635: gdb security and bug fix update (Moderate) | |||
| CVE-2019-13456 | medium | — | 5.5 | 6y ago | RHSA-2020:1672: freeradius:3.0 security update (Moderate) | |||
| CVE-2019-18277 | medium | — | 5.5 | 6y ago | RHSA-2020:1725: haproxy security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14973 | medium | — | 5.5 | 6y ago | RHSA-2020:1688: libtiff security update (Moderate) | |||
| CVE-2019-18934 | medium | — | 5.5 | 6y ago | RHSA-2020:1716: unbound security update (Moderate) | |||
| CVE-2019-5481 | medium | — | 5.5 | 6y ago | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||
| CVE-2019-15695 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15691 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15692 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15693 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15694 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15031 | medium | — | 5.5 | 6y ago | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a trans… | |||
| CVE-2019-18660 | medium | — | 5.5 | 6y ago | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/… | |||
| CVE-2019-20892 | medium | — | 5.5 | 6y ago | RHBA-2020:1376: net-snmp bug fix and enhancement update (Moderate) | |||
| CVE-2019-19527 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | |||
| CVE-2019-15030 | medium | — | 5.5 | 6y ago | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local… | |||
| CVE-2019-18874 | medium | — | 5.5 | 6y ago | RHSA-2021:4324: python-psutil security update (Moderate) | |||
| CVE-2019-20330 | medium | — | 5.5 | 6y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10164 | medium | — | 5.5 | 6y ago | RHSA-2020:3669: postgresql:10 security and bug fix update (Moderate) | |||
| CVE-2019-14865 | medium | — | 5.5 | 6y ago | RHSA-2020:0335: grub2 security update (Moderate) | |||
| CVE-2019-2996 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-17631 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-8658 | medium | — | 5.5 | 7y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows… |