CVEs from 2019
Total
3,165
critical
critical 231
high
high 484
medium
medium 483
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12976 | unknown | — | — | — | ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. | |||
| CVE-2019-12978 | unknown | — | — | — | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. | |||
| CVE-2019-13300 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. | |||
| CVE-2019-19952 | unknown | — | — | — | In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. | |||
| CVE-2019-10162 | unknown | — | — | — | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zo… | |||
| CVE-2019-14980 | unknown | — | — | — | In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafte… | |||
| CVE-2019-10131 | unknown | — | — | — | An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end… | |||
| CVE-2019-10650 | unknown | — | — | — | In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure vi… | |||
| CVE-2019-11598 | unknown | — | — | — | In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclo… | |||
| CVE-2019-12975 | unknown | — | — | — | ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. | |||
| CVE-2019-12979 | unknown | — | — | — | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. | |||
| CVE-2019-13134 | unknown | — | — | — | ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. | |||
| CVE-2019-13135 | unknown | — | — | — | ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. | |||
| CVE-2019-13137 | unknown | — | — | — | ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. | |||
| CVE-2019-13295 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. | |||
| CVE-2019-13296 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. | |||
| CVE-2019-13301 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. | |||
| CVE-2019-13297 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. | |||
| CVE-2019-13298 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. | |||
| CVE-2019-13299 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. | |||
| CVE-2019-13307 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. | |||
| CVE-2019-13311 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. | |||
| CVE-2019-13303 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. | |||
| CVE-2019-13308 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. | |||
| CVE-2019-13310 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. | |||
| CVE-2019-13454 | unknown | — | — | — | ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. | |||
| CVE-2019-17547 | unknown | — | — | — | In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. | |||
| CVE-2019-15139 | unknown | — | — | — | The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read… | |||
| CVE-2019-15141 | unknown | — | — | — | WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image fil… | |||
| CVE-2019-16710 | unknown | — | — | — | ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | |||
| CVE-2019-16712 | unknown | — | — | — | ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. | |||
| CVE-2019-16713 | unknown | — | — | — | ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | |||
| CVE-2019-19948 | unknown | — | — | — | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. | |||
| CVE-2019-7397 | unknown | — | — | — | In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. | |||
| CVE-2019-7175 | unknown | — | — | — | In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. | |||
| CVE-2019-7395 | unknown | — | — | — | In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. | |||
| CVE-2019-7396 | unknown | — | — | — | In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. | |||
| CVE-2019-7398 | unknown | — | — | — | In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. | |||
| CVE-2019-15133 | unknown | — | — | — | In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to z… | |||
| CVE-2019-14383 | unknown | — | — | — | J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | |||
| CVE-2019-14382 | unknown | — | — | — | DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | |||
| CVE-2019-17113 | unknown | — | — | — | In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API,… | |||
| CVE-2019-13133 | unknown | — | — | — | ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. | |||
| CVE-2019-5826 | unknown | — | — | — | Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-14380 | unknown | — | — | — | libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. | |||
| CVE-2019-14381 | unknown | — | — | — | libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. | |||
| CVE-2019-16708 | unknown | — | — | — | ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | |||
| CVE-2019-12435 | unknown | — | — | — | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process. | |||
| CVE-2019-11754 | unknown | — | — | — | When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vuln… | |||
| CVE-2019-20840 | unknown | — | — | — | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. | |||
| CVE-2019-12383 | unknown | — | — | — | Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my lan… | |||
| CVE-2019-9794 | unknown | — | — | — | A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files… | |||
| CVE-2019-9798 | unknown | — | — | — | On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle a… | |||
| CVE-2019-25136 | unknown | — | — | — | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. | |||
| CVE-2019-1010228 | unknown | — | — | — | OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h,… | |||
| CVE-2019-14745 | unknown | — | — | — | In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the … | |||
| CVE-2019-17015 | unknown | — | — | — | During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only … | |||
| CVE-2019-11753 | unknown | — | — | — | The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service … | |||
| CVE-2019-6216 | unknown | — | — | — | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Win… | |||
| CVE-2019-12929 | unknown | — | — | — | The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a c… | |||
| CVE-2019-13722 | unknown | — | — | — | Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-14870 | unknown | — | — | — | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clie… | |||
| CVE-2019-9818 | unknown | — | — | — | A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploi… | |||
| CVE-2019-19344 | unknown | — | — | — | There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc()… | |||
| CVE-2019-25059 | unknown | — | — | — | Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. | |||
| CVE-2019-6212 | unknown | — | — | — | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Proc… | |||
| CVE-2019-6234 | unknown | — | — | — | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing ma… | |||
| CVE-2019-14861 | unknown | — | — | — | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS reco… | |||
| CVE-2019-7285 | unknown | — | — | — | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing malicious… | |||
| CVE-2019-9847 | unknown | — | — | — | A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the h… | |||
| CVE-2019-3466 | unknown | — | — | — | The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | |||
| CVE-2019-18837 | unknown | — | — | — | An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in li… | |||
| CVE-2019-3826 | unknown | — | — | 3y ago | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prome… | |||
| CVE-2019-19040 | unknown | — | — | 4y ago | Reflected Cross site scripting (XSS) in kairosdb | |||
| CVE-2019-25075 | unknown | — | — | 4y ago | Path Traversal in Gravitee API Management | |||
| CVE-2019-17352 | unknown | — | — | 4y ago | JFinal file validation vulnerability | |||
| CVE-2019-10169 | unknown | — | — | 4y ago | Keycloak code execution via UMA policy abuse | |||
| CVE-2019-17560 | unknown | — | — | 4y ago | Improper Certificate Validation in Apache Netbeans | |||
| CVE-2019-20366 | unknown | — | — | 4y ago | XSS in Ignite Realtime Openfire via isTrustStore | |||
| CVE-2019-19899 | unknown | — | — | 4y ago | Pebble Templates Improper Input Validation vulnerability | |||
| CVE-2019-17598 | unknown | — | — | 4y ago | Play Framework Inadequate Encryption Strength vulnerability | |||
| CVE-2019-10428 | unknown | — | — | 4y ago | Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form | |||
| CVE-2019-10427 | unknown | — | — | 4y ago | Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form | |||
| CVE-2019-10406 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10430 | unknown | — | — | 4y ago | Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text | |||
| CVE-2019-10407 | unknown | — | — | 4y ago | Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin | |||
| CVE-2019-10426 | unknown | — | — | 4y ago | Jenkins Gem Publisher Plugin stores credentials as plaintext | |||
| CVE-2019-10401 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10404 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10402 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10403 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-10405 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2019-0195 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Tapestry | |||
| CVE-2019-12401 | unknown | — | — | 4y ago | Apache Solr vulnerable to XML Bomb | |||
| CVE-2019-1010206 | unknown | — | — | 4y ago | kevinsawicki/http-request Missing certificate validation | |||
| CVE-2019-10324 | unknown | — | — | 4y ago | Cross-site request forgery vulnerability in Jenkins Artifactory Plugin | |||
| CVE-2019-10328 | unknown | — | — | 4y ago | Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin | |||
| CVE-2019-10325 | unknown | — | — | 4y ago | Jenkins Warnings NG Plugin Cross-site scripting vulnerability | |||
| CVE-2019-10327 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin | |||
| CVE-2019-10326 | unknown | — | — | 4y ago | Jenkins Warnings NG Plugin cross-site request forgery vulnerability |