CVEs from 2019
Total
3,165
critical
critical 231
high
high 484
medium
medium 483
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwr… | |||
| CVE-2019-20395 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20394 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20393 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20392 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20391 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20396 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20397 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20398 | medium | — | 5.5 | 5y ago | RHEA-2021:1906: libyang bug fix and enhancement update (Moderate) | |||
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |||
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25040 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25034 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14866 | medium | — | 5.5 | 5y ago | RHSA-2021:1582: cpio security update (Moderate) | |||
| CVE-2019-25038 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25039 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25041 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25037 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25036 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25035 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25032 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-25042 | medium | — | 5.5 | 5y ago | RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20372 | medium | — | 5.5 | 6y ago | RHSA-2020:5495: nginx:1.16 security update (Moderate) | |||
| CVE-2019-14559 | medium | — | 5.5 | 6y ago | RHSA-2020:4805: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-17185 | medium | — | 5.5 | 6y ago | RHSA-2020:4799: freeradius:3.0 security and bug fix update (Moderate) | |||
| CVE-2019-20218 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2019-5018 | medium | — | 5.5 | 6y ago | RHSA-2020:4442: sqlite security update (Moderate) | |||
| CVE-2019-19956 | medium | — | 5.5 | 6y ago | RHSA-2020:4479: libxml2 security update (Moderate) | |||
| CVE-2019-20812 | medium | — | 5.5 | 6y ago | An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a cer… | |||
| CVE-2019-15892 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests… | |||
| CVE-2019-10221 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10179 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10146 | medium | — | 5.5 | 6y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9278 | medium | — | 5.5 | 6y ago | RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15166 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18928 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-19783 | medium | — | 5.5 | 6y ago | RHSA-2020:4655: cyrus-imapd security update (Moderate) | |||
| CVE-2019-7638 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7637 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7636 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7635 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7578 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7577 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7576 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7574 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7575 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-7573 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-15945 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20388 | medium | — | 5.5 | 6y ago | RHSA-2020:4479: libxml2 security update (Moderate) | |||
| CVE-2019-20807 | medium | — | 5.5 | 6y ago | RHSA-2020:4453: vim security update (Moderate) | |||
| CVE-2019-14889 | medium | — | 5.5 | 6y ago | RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-7572 | medium | — | 5.5 | 6y ago | RHSA-2020:4627: SDL security update (Moderate) | |||
| CVE-2019-20637 | medium | — | 5.5 | 6y ago | An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next re… | |||
| CVE-2019-12420 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2019-20792 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19481 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19479 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20387 | medium | — | 5.5 | 6y ago | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | |||
| CVE-2019-15946 | medium | — | 5.5 | 6y ago | RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13627 | medium | — | 5.5 | 6y ago | RHSA-2020:4482: libgcrypt security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16680 | medium | — | 5.5 | 6y ago | RHSA-2020:4820: file-roller security update (Moderate) | |||
| CVE-2019-13225 | medium | — | 5.5 | 6y ago | RHSA-2020:4827: oniguruma security update (Moderate) | |||
| CVE-2019-0197 | medium | — | 5.5 | 6y ago | A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2… | |||
| CVE-2019-0196 | medium | — | 5.5 | 6y ago | A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining th… | |||
| CVE-2019-10082 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. | |||
| CVE-2019-10081 | medium | — | 5.5 | 6y ago | HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copi… | |||
| CVE-2019-10097 | medium | — | 5.5 | 6y ago | In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buf… | |||
| CVE-2019-12854 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18679 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18677 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18860 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12528 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12526 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18678 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12529 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18676 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12521 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12524 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12523 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12520 | medium | — | 5.5 | 6y ago | RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-20446 | medium | — | 5.5 | 6y ago | RHSA-2020:4709: librsvg2 security update (Moderate) | |||
| CVE-2019-3833 | medium | — | 5.5 | 6y ago | RHSA-2020:4689: openwsman security update (Moderate) | |||
| CVE-2019-20485 | medium | — | 5.5 | 6y ago | RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15890 | medium | — | 5.5 | 6y ago | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | |||
| CVE-2019-20907 | medium | — | 5.5 | 6y ago | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | |||
| CVE-2019-17546 | medium | — | 5.5 | 6y ago | RHSA-2020:4634: libtiff security update (Moderate) | |||
| CVE-2019-9433 | medium | — | 5.5 | 6y ago | RHSA-2020:4629: libvpx security update (Moderate) | |||
| CVE-2019-9232 | medium | — | 5.5 | 6y ago | RHSA-2020:4629: libvpx security update (Moderate) | |||
| CVE-2019-2126 | medium | — | 5.5 | 6y ago | RHSA-2020:4629: libvpx security update (Moderate) | |||
| CVE-2019-9371 | medium | — | 5.5 | 6y ago | RHSA-2020:4629: libvpx security update (Moderate) | |||
| CVE-2019-20454 | medium | — | 5.5 | 6y ago | RHSA-2020:4539: pcre2 security and enhancement update (Moderate) | |||
| CVE-2019-19906 | medium | — | 5.5 | 6y ago | RHSA-2020:4497: cyrus-sasl security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-13050 | medium | — | 5.5 | 6y ago | RHSA-2020:4490: gnupg2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-8782 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8835 | medium | — | 5.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for … |