CVEs from 2019
Total
3,157
critical
critical 227
high
high 474
medium
medium 476
low
low 94
% Critical
7.2%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-2802 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2800 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2606 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2691 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2789 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2481 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2436 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2879 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2420 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2624 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2757 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2784 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2785 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2795 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2797 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2811 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2815 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2819 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-3003 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2693 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2686 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2685 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2636 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2688 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2630 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2625 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2503 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2502 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2495 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2507 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2494 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2486 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2482 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2434 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2455 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-10216 | high | — | 8.0 | 7y ago | RHSA-2019:2465: ghostscript security update (Important) | |||
| CVE-2019-10193 | high | — | 8.0 | 7y ago | RHSA-2019:2002: redis:5 security update (Important) | |||
| CVE-2019-10192 | high | — | 8.0 | 7y ago | RHSA-2019:2002: redis:5 security update (Important) | |||
| CVE-2019-10182 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-10185 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-10181 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-11811 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_… | |||
| CVE-2019-11085 | high | — | 8.0 | 7y ago | Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local acce… | |||
| CVE-2019-11810 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_bas… | |||
| CVE-2019-2786 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2816 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2762 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2769 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-11356 | high | — | 8.0 | 7y ago | RHSA-2019:1771: cyrus-imapd security update (Important) | |||
| CVE-2019-6471 | high | — | 8.0 | 7y ago | RHSA-2019:1714: bind security update (Important) | |||
| CVE-2019-12384 | high | — | 8.0 | 7y ago | RHSA-2019:2720: pki-deps:10.6 security update (Important) | |||
| CVE-2019-12781 | high | — | 8.0 | 7y ago | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set… | |||
| CVE-2019-10168 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10161 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10166 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10167 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-11478 | high | — | 8.0 | 7y ago | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences… | |||
| CVE-2019-11479 | high | — | 8.0 | 7y ago | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. … | |||
| CVE-2019-11477 | high | — | 8.0 | 7y ago | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker c… | |||
| CVE-2019-3885 | high | — | 8.0 | 7y ago | RHSA-2019:1279: pacemaker security and bug fix update (Important) | |||
| CVE-2019-10132 | high | — | 8.0 | 7y ago | RHSA-2019:1268: virt:rhel security update (Important) | |||
| CVE-2019-0757 | high | — | 8.0 | 7y ago | RHSA-2019:1259: dotnet security, bug fix, and enhancement update (Important) | |||
| CVE-2019-3863 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-3857 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-3855 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-9003 | high | — | 8.0 | 7y ago | In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by … | |||
| CVE-2019-3856 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-11235 | high | — | 8.0 | 7y ago | RHSA-2019:1142: freeradius:3.0 security update (Important) | |||
| CVE-2019-10063 | high | — | 8.0 | 7y ago | RHSA-2019:1143: flatpak security update (Important) | |||
| CVE-2019-11234 | high | — | 8.0 | 7y ago | RHSA-2019:1142: freeradius:3.0 security update (Important) | |||
| CVE-2019-5785 | high | — | 8.0 | 7y ago | Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||
| CVE-2019-9636 | high | — | 8.0 | 7y ago | RHSA-2019:0997: python3 security update (Important) | |||
| CVE-2019-3878 | high | — | 8.0 | 7y ago | RHSA-2019:0985: mod_auth_mellon security update (Important) | |||
| CVE-2019-5953 | high | — | 8.0 | 7y ago | RHSA-2019:0983: wget security update (Important) | |||
| CVE-2019-0215 | high | — | 8.0 | 7y ago | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restri… | |||
| CVE-2019-3835 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3838 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3839 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3816 | high | — | 8.0 | 7y ago | RHSA-2019:0972: openwsman security update (Important) | |||
| CVE-2019-10906 | high | — | 8.0 | 7y ago | RHSA-2019:1152: python-jinja2 security update (Important) | |||
| CVE-2019-8324 | high | — | 8.0 | 7y ago | RHSA-2019:1972: ruby:2.5 security update (Important) | |||
| CVE-2019-25634 | high | 7.8 | 7.8 | 2mo ago | Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers… | |||
| CVE-2019-19378 | high | 7.8 | 7.8 | 7y ago | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. | |||
| CVE-2019-10996 | high | 7.8 | 7.8 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input … | |||
| CVE-2019-10984 | high | 7.8 | 7.8 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input … | |||
| CVE-2019-10978 | high | 7.8 | 7.8 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input … | |||
| CVE-2019-13106 | high | 7.8 | 7.8 | 7y ago | Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | |||
| CVE-2019-13104 | high | 7.8 | 7.8 | 7y ago | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | |||
| CVE-2019-11687 | high | 7.8 | 7.8 | 7y ago | An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies w… | |||
| CVE-2019-25722 | high | 7.6 | 7.6 | 2d ago | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and r… | |||
| CVE-2019-18197 | high | 7.5 | 7.5 | 4y ago | RHSA-2020:4464: libxslt security update (Moderate) | |||
| CVE-2019-18336 | high | 7.5 | 7.5 | 6y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU55… | |||
| CVE-2019-6857 | high | 7.5 | 7.5 | 7y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) … | |||
| CVE-2019-6856 | high | 7.5 | 7.5 | 7y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) … | |||
| CVE-2019-6852 | high | 7.5 | 7.5 | 7y ago | A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication mo… | |||
| CVE-2019-6829 | high | 7.5 | 7.5 | 7y ago | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service… | |||
| CVE-2019-6819 | high | 7.5 | 7.5 | 7y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the produ… | |||
| CVE-2019-10953 | high | 7.5 | 7.5 | 7y ago | ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due … | |||
| CVE-2019-6575 | high | 7.5 | 7.5 | 7y ago | A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdo… | |||
| CVE-2019-6568 | high | 7.5 | 7.5 | 7y ago | The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the we… |