CVEs from 2019
Total
3,163
critical
critical 231
high
high 484
medium
medium 483
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-11039 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11048 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11047 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11050 | medium | — | 5.5 | 6y ago | RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-17006 | medium | — | 5.5 | 6y ago | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the in… | |||
| CVE-2019-20908 | medium | — | 5.5 | 6y ago | An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or s… | |||
| CVE-2019-20479 | medium | — | 5.5 | 6y ago | RHSA-2020:3032: mod_auth_openidc:2.3 security and bug fix update (Moderate) | |||
| CVE-2019-14857 | medium | — | 5.5 | 6y ago | RHSA-2020:3032: mod_auth_openidc:2.3 security and bug fix update (Moderate) | |||
| CVE-2019-18281 | medium | — | 5.5 | 6y ago | RHSA-2020:1665: qt5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14822 | medium | — | 5.5 | 6y ago | RHSA-2020:1880: ibus and glib2 security and bug fix update (Moderate) | |||
| CVE-2019-13636 | medium | — | 5.5 | 6y ago | RHSA-2020:1852: patch security and bug fix update (Moderate) | |||
| CVE-2019-12447 | medium | — | 5.5 | 6y ago | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. | |||
| CVE-2019-12449 | medium | — | 5.5 | 6y ago | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations fro… | |||
| CVE-2019-12448 | medium | — | 5.5 | 6y ago | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. | |||
| CVE-2019-3825 | medium | — | 5.5 | 6y ago | RHSA-2020:1766: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11034 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11035 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9020 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9021 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11036 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9022 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9640 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9639 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9638 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9637 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9024 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9023 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16935 | medium | — | 5.5 | 6y ago | RHSA-2020:4433: python3 security and bug fix update (Moderate) | |||
| CVE-2019-16056 | medium | — | 5.5 | 6y ago | RHSA-2020:1764: python3 security and bug fix update (Moderate) | |||
| CVE-2019-13112 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20421 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9143 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13111 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13113 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13109 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9852 | medium | — | 5.5 | 6y ago | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to … | |||
| CVE-2019-19959 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-8457 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-9853 | medium | — | 5.5 | 6y ago | LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw exis… | |||
| CVE-2019-9850 | medium | — | 5.5 | 6y ago | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice… | |||
| CVE-2019-9849 | medium | — | 5.5 | 6y ago | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who w… | |||
| CVE-2019-10218 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11596 | medium | — | 5.5 | 6y ago | RHSA-2020:1576: memcached security update (Moderate) | |||
| CVE-2019-5094 | medium | — | 5.5 | 6y ago | RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-5188 | medium | — | 5.5 | 6y ago | RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-5481 | medium | — | 5.5 | 6y ago | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||
| CVE-2019-5482 | medium | — | 5.5 | 6y ago | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | |||
| CVE-2019-13038 | medium | — | 5.5 | 6y ago | RHSA-2020:1660: mod_auth_mellon security and bug fix update (Moderate) | |||
| CVE-2019-19234 | medium | — | 5.5 | 6y ago | In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to… | |||
| CVE-2019-19232 | medium | — | 5.5 | 6y ago | In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The so… | |||
| CVE-2019-14563 | medium | — | 5.5 | 6y ago | RHSA-2020:1712: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18934 | medium | — | 5.5 | 6y ago | RHSA-2020:1716: unbound security update (Moderate) | |||
| CVE-2019-19330 | medium | — | 5.5 | 6y ago | RHSA-2020:1725: haproxy security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14818 | medium | — | 5.5 | 6y ago | RHSA-2020:1735: dpdk security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15043 | medium | — | 5.5 | 6y ago | denial of service in grafana | |||
| CVE-2019-1010180 | medium | — | 5.5 | 6y ago | RHSA-2020:1635: gdb security and bug fix update (Moderate) | |||
| CVE-2019-5436 | medium | — | 5.5 | 6y ago | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |||
| CVE-2019-6477 | medium | — | 5.5 | 6y ago | RHSA-2020:1845: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13753 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-9854 | medium | — | 5.5 | 6y ago | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to … | |||
| CVE-2019-19923 | medium | — | 5.5 | 6y ago | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inc… | |||
| CVE-2019-15847 | medium | — | 5.5 | 6y ago | RHSA-2020:1864: gcc security and bug fix update (Moderate) | |||
| CVE-2019-10197 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14907 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-1549 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-19925 | medium | — | 5.5 | 6y ago | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | |||
| CVE-2019-13456 | medium | — | 5.5 | 6y ago | RHSA-2020:1672: freeradius:3.0 security update (Moderate) | |||
| CVE-2019-18277 | medium | — | 5.5 | 6y ago | RHSA-2020:1725: haproxy security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-1547 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-13752 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-14973 | medium | — | 5.5 | 6y ago | RHSA-2020:1688: libtiff security update (Moderate) | |||
| CVE-2019-17041 | medium | — | 5.5 | 6y ago | RHSA-2020:1702: rsyslog security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-1563 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-19924 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-17042 | medium | — | 5.5 | 6y ago | RHSA-2020:1702: rsyslog security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15691 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15692 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15694 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15695 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15693 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15030 | medium | — | 5.5 | 6y ago | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local… | |||
| CVE-2019-20892 | medium | — | 5.5 | 6y ago | RHBA-2020:1376: net-snmp bug fix and enhancement update (Moderate) | |||
| CVE-2019-18660 | medium | — | 5.5 | 6y ago | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/… | |||
| CVE-2019-19527 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | |||
| CVE-2019-15031 | medium | — | 5.5 | 6y ago | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a trans… | |||
| CVE-2019-18874 | medium | — | 5.5 | 6y ago | RHSA-2021:4324: python-psutil security update (Moderate) | |||
| CVE-2019-20330 | medium | — | 5.5 | 6y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10164 | medium | — | 5.5 | 6y ago | RHSA-2020:3669: postgresql:10 security and bug fix update (Moderate) | |||
| CVE-2019-14865 | medium | — | 5.5 | 6y ago | RHSA-2020:0335: grub2 security update (Moderate) | |||
| CVE-2019-2996 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-17631 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-8678 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8680 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8683 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8684 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8688 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8707 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processin… | |||
| CVE-2019-8822 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8821 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8644 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … |