CVEs from 2019
Total
3,164
critical
critical 231
high
high 484
medium
medium 484
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-2584 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2531 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2530 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2529 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2528 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2795 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2808 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2815 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2834 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2819 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2774 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2757 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2780 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2784 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2789 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2796 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2800 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2801 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2802 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2803 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2814 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2950 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-3003 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2533 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2534 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2535 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2536 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2539 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2580 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2606 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2581 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2585 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2587 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2623 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2589 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2617 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2626 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2630 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2695 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2636 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2681 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2689 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2691 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2694 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2755 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2420 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2879 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-10216 | high | — | 8.0 | 7y ago | RHSA-2019:2465: ghostscript security update (Important) | |||
| CVE-2019-10193 | high | — | 8.0 | 7y ago | RHSA-2019:2002: redis:5 security update (Important) | |||
| CVE-2019-10192 | high | — | 8.0 | 7y ago | RHSA-2019:2002: redis:5 security update (Important) | |||
| CVE-2019-10181 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-10182 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-10185 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-11810 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_bas… | |||
| CVE-2019-11085 | high | — | 8.0 | 7y ago | Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local acce… | |||
| CVE-2019-11811 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_… | |||
| CVE-2019-2769 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2786 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2762 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2816 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-11356 | high | — | 8.0 | 7y ago | RHSA-2019:1771: cyrus-imapd security update (Important) | |||
| CVE-2019-6471 | high | — | 8.0 | 7y ago | RHSA-2019:1714: bind security update (Important) | |||
| CVE-2019-12384 | high | — | 8.0 | 7y ago | RHSA-2019:2720: pki-deps:10.6 security update (Important) | |||
| CVE-2019-12781 | high | — | 8.0 | 7y ago | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set… | |||
| CVE-2019-10161 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10167 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10166 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10168 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-11479 | high | — | 8.0 | 7y ago | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. … | |||
| CVE-2019-11478 | high | — | 8.0 | 7y ago | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences… | |||
| CVE-2019-11477 | high | — | 8.0 | 7y ago | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker c… | |||
| CVE-2019-3885 | high | — | 8.0 | 7y ago | RHSA-2019:1279: pacemaker security and bug fix update (Important) | |||
| CVE-2019-10132 | high | — | 8.0 | 7y ago | RHSA-2019:1268: virt:rhel security update (Important) | |||
| CVE-2019-0757 | high | — | 8.0 | 7y ago | RHSA-2019:1259: dotnet security, bug fix, and enhancement update (Important) | |||
| CVE-2019-3856 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-3855 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-3857 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-9003 | high | — | 8.0 | 7y ago | In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by … | |||
| CVE-2019-3863 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-5785 | high | — | 8.0 | 7y ago | Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||
| CVE-2019-11235 | high | — | 8.0 | 7y ago | RHSA-2019:1142: freeradius:3.0 security update (Important) | |||
| CVE-2019-10063 | high | — | 8.0 | 7y ago | RHSA-2019:1143: flatpak security update (Important) | |||
| CVE-2019-11234 | high | — | 8.0 | 7y ago | RHSA-2019:1142: freeradius:3.0 security update (Important) | |||
| CVE-2019-9636 | high | — | 8.0 | 7y ago | RHSA-2019:0997: python3 security update (Important) | |||
| CVE-2019-0215 | high | — | 8.0 | 7y ago | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restri… | |||
| CVE-2019-5953 | high | — | 8.0 | 7y ago | RHSA-2019:0983: wget security update (Important) | |||
| CVE-2019-3878 | high | — | 8.0 | 7y ago | RHSA-2019:0985: mod_auth_mellon security update (Important) | |||
| CVE-2019-3838 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3816 | high | — | 8.0 | 7y ago | RHSA-2019:0972: openwsman security update (Important) | |||
| CVE-2019-3839 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3835 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-10906 | high | — | 8.0 | 7y ago | RHSA-2019:1152: python-jinja2 security update (Important) | |||
| CVE-2019-8324 | high | — | 8.0 | 7y ago | RHSA-2019:1972: ruby:2.5 security update (Important) | |||
| CVE-2019-25634 | high | 7.8 | 7.8 | 2mo ago | Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers… | |||
| CVE-2019-19378 | high | 7.8 | 7.8 | 7y ago | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. | |||
| CVE-2019-10996 | high | 7.8 | 7.8 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input … | |||
| CVE-2019-10984 | high | 7.8 | 7.8 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input … | |||
| CVE-2019-10978 | high | 7.8 | 7.8 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input … | |||
| CVE-2019-13106 | high | 7.8 | 7.8 | 7y ago | Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | |||
| CVE-2019-13104 | high | 7.8 | 7.8 | 7y ago | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. |