CVEs from 2019
Total
3,163
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-7256 | unknown | — | 2.5 | 2y ago | Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution. | |||
| CVE-2019-17621 | unknown | — | 2.5 | 3y ago | D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by send… | |||
| CVE-2019-20500 | unknown | — | 2.5 | 3y ago | D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?act… | |||
| CVE-2019-8605 | unknown | — | 2.5 | 4y ago | A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. | |||
| CVE-2019-7192 | unknown | — | 2.5 | 4y ago | QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. | |||
| CVE-2019-5825 | unknown | — | 2.5 | 4y ago | Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect m… | |||
| CVE-2019-7194 | unknown | — | 2.5 | 4y ago | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | |||
| CVE-2019-7195 | unknown | — | 2.5 | 4y ago | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | |||
| CVE-2019-3010 | unknown | — | 2.5 | 4y ago | Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2019-18426 | unknown | — | 2.5 | 4y ago | A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. | |||
| CVE-2019-7286 | unknown | — | 2.5 | 4y ago | Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. | |||
| CVE-2019-1003030 | unknown | — | 2.5 | 4y ago | Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution. | |||
| CVE-2019-1003029 | unknown | — | 2.5 | 4y ago | Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox. | |||
| CVE-2019-3929 | unknown | — | 2.5 | 4y ago | Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system comma… | |||
| CVE-2019-15107 | unknown | — | 2.5 | 4y ago | An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability. | |||
| CVE-2019-12991 | unknown | — | 2.5 | 4y ago | Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. | |||
| CVE-2019-12989 | unknown | — | 2.5 | 4y ago | Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. | |||
| CVE-2019-2616 | unknown | — | 2.5 | 4y ago | Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for au… | |||
| CVE-2019-10068 | unknown | — | 2.5 | 4y ago | Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution. | |||
| CVE-2019-1322 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated conte… | |||
| CVE-2019-1132 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | |||
| CVE-2019-1405 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation. | |||
| CVE-2019-0841 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | |||
| CVE-2019-0543 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated conte… | |||
| CVE-2019-1253 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. | |||
| CVE-2019-1652 | unknown | — | 2.5 | 4y ago | A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges… | |||
| CVE-2019-0752 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer | |||
| CVE-2019-7609 | unknown | — | 2.5 | 5y ago | Kibana contain an arbitrary code execution flaw in the Timelion visualizer. | |||
| CVE-2019-1458 | unknown | — | 2.5 | 5y ago | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP. | |||
| CVE-2019-2725 | unknown | — | 2.5 | 5y ago | Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | |||
| CVE-2019-9670 | unknown | — | 2.5 | 5y ago | Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component. | |||
| CVE-2019-20838 | low | — | 2.5 | 5y ago | RHSA-2021:4373: pcre security update (Low) | |||
| CVE-2019-0604 | unknown | — | 2.5 | 5y ago | Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint applica… | |||
| CVE-2019-15949 | unknown | — | 2.5 | 5y ago | Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root. | |||
| CVE-2019-0863 | unknown | — | 2.5 | 5y ago | Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode. | |||
| CVE-2019-18988 | unknown | — | 2.5 | 5y ago | TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt p… | |||
| CVE-2019-4716 | unknown | — | 2.5 | 5y ago | IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. | |||
| CVE-2019-2215 | unknown | — | 2.5 | 5y ago | Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-… | |||
| CVE-2019-15752 | unknown | — | 2.5 | 5y ago | Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop… | |||
| CVE-2019-0808 | unknown | — | 2.5 | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode. | |||
| CVE-2019-20085 | unknown | — | 2.5 | 5y ago | TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests. | |||
| CVE-2019-11510 | unknown | — | 2.5 | 5y ago | Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI. | |||
| CVE-2019-16759 | unknown | — | 2.5 | 5y ago | The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | |||
| CVE-2019-0708 | unknown | — | 2.5 | 5y ago | Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send… | |||
| CVE-2019-3398 | unknown | — | 2.5 | 5y ago | Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can… | |||
| CVE-2019-0803 | unknown | — | 2.5 | 5y ago | Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in k… | |||
| CVE-2019-18935 | unknown | — | 2.5 | 5y ago | Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe proce… | |||
| CVE-2019-1653 | unknown | — | 2.5 | 5y ago | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diag… | |||
| CVE-2019-3396 | unknown | — | 2.5 | 5y ago | Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution. | |||
| CVE-2019-19781 | unknown | — | 2.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution. | |||
| CVE-2019-9978 | unknown | — | 2.5 | 5y ago | WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro. | |||
| CVE-2019-11580 | unknown | — | 2.5 | 5y ago | Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds. | |||
| CVE-2019-1215 | unknown | — | 2.5 | 5y ago | Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker t… | |||
| CVE-2019-8394 | unknown | — | 2.5 | 5y ago | Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization. | |||
| CVE-2019-9082 | unknown | — | 2.5 | 5y ago | ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by… | |||
| CVE-2019-1429 | unknown | — | 2.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. | |||
| CVE-2019-11539 | unknown | — | 2.5 | 5y ago | Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands. | |||
| CVE-2019-0541 | unknown | — | 2.5 | 5y ago | Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability. | |||
| CVE-2019-17402 | low | — | 2.5 | 5y ago | RHSA-2021:1758: exiv2 security, bug fix, and enhancement update (Low) | |||
| CVE-2019-2708 | low | — | 2.5 | 5y ago | RHSA-2021:1675: libdb security update (Low) | |||
| CVE-2019-18276 | low | — | 2.5 | 5y ago | RHSA-2021:1679: bash security and bug fix update (Low) | |||
| CVE-2019-20386 | low | — | 2.5 | 6y ago | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | |||
| CVE-2019-1551 | low | — | 2.5 | 6y ago | RHSA-2020:4514: openssl security, bug fix, and enhancement update (Low) | |||
| CVE-2019-17450 | low | — | 2.5 | 6y ago | RHSA-2020:4465: binutils security update (Low) | |||
| CVE-2019-16167 | low | — | 2.5 | 6y ago | RHSA-2020:4638: sysstat security update (Low) | |||
| CVE-2019-14494 | low | — | 2.5 | 6y ago | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | |||
| CVE-2019-15165 | low | — | 2.5 | 6y ago | RHSA-2020:4547: libpcap security, bug fix, and enhancement update (Low) | |||
| CVE-2019-1010305 | low | — | 2.5 | 6y ago | RHSA-2020:1686: libmspack security and bug fix update (Low) | |||
| CVE-2019-13045 | low | — | 2.5 | 6y ago | RHSA-2020:1616: irssi security update (Low) | |||
| CVE-2019-1010317 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2019-1010315 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2019-11498 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2019-1010319 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2019-8696 | low | — | 2.5 | 6y ago | RHSA-2020:1765: cups security and bug fix update (Low) | |||
| CVE-2019-3696 | low | — | 2.5 | 6y ago | RHBA-2020:1628: pcp bug fix and enhancement update (Low) | |||
| CVE-2019-13232 | low | — | 2.5 | 6y ago | RHSA-2020:1787: unzip security update (Low) | |||
| CVE-2019-19126 | low | — | 2.5 | 6y ago | RHSA-2020:1828: glibc security, bug fix, and enhancement update (Low) | |||
| CVE-2019-3695 | low | — | 2.5 | 6y ago | RHBA-2020:1628: pcp bug fix and enhancement update (Low) | |||
| CVE-2019-8675 | low | — | 2.5 | 6y ago | RHSA-2020:1765: cups security and bug fix update (Low) | |||
| CVE-2019-17451 | low | — | 2.5 | 6y ago | RHSA-2020:1797: binutils security and bug fix update (Low) | |||
| CVE-2019-14834 | low | — | 2.5 | 6y ago | RHSA-2020:1715: dnsmasq security, bug fix, and enhancement update (Low) | |||
| CVE-2019-1010204 | low | — | 2.5 | 6y ago | RHSA-2020:1797: binutils security and bug fix update (Low) | |||
| CVE-2019-17558 | unknown | — | 2.5 | 6y ago | The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution. | |||
| CVE-2019-19118 | low | — | 2.5 | 7y ago | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… | |||
| CVE-2019-8610 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8595 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-11459 | low | — | 2.5 | 7y ago | RHSA-2019:3553: GNOME security, bug fix, and enhancement update (Low) | |||
| CVE-2019-3820 | low | — | 2.5 | 7y ago | RHSA-2019:3553: GNOME security, bug fix, and enhancement update (Low) | |||
| CVE-2019-8687 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8686 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8681 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8679 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8676 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8609 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8608 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8607 | low | — | 2.5 | 7y ago | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud f… | |||
| CVE-2019-8601 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9… | |||
| CVE-2019-8596 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8597 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … | |||
| CVE-2019-8594 | low | — | 2.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for … |