CVEs from 2019
Total
3,165
critical
critical 231
high
high 484
medium
medium 483
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9853 | medium | — | 5.5 | 6y ago | LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw exis… | |||
| CVE-2019-5482 | medium | — | 5.5 | 6y ago | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | |||
| CVE-2019-9852 | medium | — | 5.5 | 6y ago | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to … | |||
| CVE-2019-9850 | medium | — | 5.5 | 6y ago | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice… | |||
| CVE-2019-9849 | medium | — | 5.5 | 6y ago | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who w… | |||
| CVE-2019-11596 | medium | — | 5.5 | 6y ago | RHSA-2020:1576: memcached security update (Moderate) | |||
| CVE-2019-19925 | medium | — | 5.5 | 6y ago | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | |||
| CVE-2019-13753 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-13752 | medium | — | 5.5 | 6y ago | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-15043 | medium | — | 5.5 | 6y ago | denial of service in grafana | |||
| CVE-2019-9854 | medium | — | 5.5 | 6y ago | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to … | |||
| CVE-2019-5481 | medium | — | 5.5 | 6y ago | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||
| CVE-2019-19923 | medium | — | 5.5 | 6y ago | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inc… | |||
| CVE-2019-10197 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6477 | medium | — | 5.5 | 6y ago | RHSA-2020:1845: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15847 | medium | — | 5.5 | 6y ago | RHSA-2020:1864: gcc security and bug fix update (Moderate) | |||
| CVE-2019-19232 | medium | — | 5.5 | 6y ago | In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The so… | |||
| CVE-2019-19234 | medium | — | 5.5 | 6y ago | In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to… | |||
| CVE-2019-19959 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-5188 | medium | — | 5.5 | 6y ago | RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-5436 | medium | — | 5.5 | 6y ago | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |||
| CVE-2019-1563 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-10218 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-1549 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-5094 | medium | — | 5.5 | 6y ago | RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19924 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-1547 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-8457 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-15692 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15694 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15695 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15691 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15693 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-18660 | medium | — | 5.5 | 6y ago | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/… | |||
| CVE-2019-15031 | medium | — | 5.5 | 6y ago | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a trans… | |||
| CVE-2019-20892 | medium | — | 5.5 | 6y ago | RHBA-2020:1376: net-snmp bug fix and enhancement update (Moderate) | |||
| CVE-2019-19527 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | |||
| CVE-2019-15030 | medium | — | 5.5 | 6y ago | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local… | |||
| CVE-2019-18874 | medium | — | 5.5 | 6y ago | RHSA-2021:4324: python-psutil security update (Moderate) | |||
| CVE-2019-20330 | medium | — | 5.5 | 6y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10164 | medium | — | 5.5 | 6y ago | RHSA-2020:3669: postgresql:10 security and bug fix update (Moderate) | |||
| CVE-2019-14865 | medium | — | 5.5 | 6y ago | RHSA-2020:0335: grub2 security update (Moderate) | |||
| CVE-2019-2996 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-17631 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-8674 | medium | — | 5.5 | 7y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. | |||
| CVE-2019-8644 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8658 | medium | — | 5.5 | 7y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows… | |||
| CVE-2019-8669 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8822 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8763 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows… | |||
| CVE-2019-8733 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processin… | |||
| CVE-2019-8719 | medium | — | 5.5 | 7y ago | A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafte… | |||
| CVE-2019-8707 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processin… | |||
| CVE-2019-8688 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8684 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8683 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8680 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8678 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8821 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-17531 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16943 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18224 | medium | — | 5.5 | 7y ago | RHBA-2019:3621: libidn2 bug fix and enhancement update (Moderate) | |||
| CVE-2019-13345 | medium | — | 5.5 | 7y ago | RHSA-2019:3476: squid:4 security and bug fix update (Moderate) | |||
| CVE-2019-9947 | medium | — | 5.5 | 7y ago | RHSA-2019:3520: python3 security and bug fix update (Moderate) | |||
| CVE-2019-9740 | medium | — | 5.5 | 7y ago | RHSA-2019:3520: python3 security and bug fix update (Moderate) | |||
| CVE-2019-9948 | medium | — | 5.5 | 7y ago | RHSA-2019:3520: python3 security and bug fix update (Moderate) | |||
| CVE-2019-0160 | medium | — | 5.5 | 7y ago | RHSA-2019:3338: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-0220 | medium | — | 5.5 | 7y ago | A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule… | |||
| CVE-2019-3877 | medium | — | 5.5 | 7y ago | RHSA-2019:3421: mod_auth_mellon security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-0217 | medium | — | 5.5 | 7y ago | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another usern… | |||
| CVE-2019-15718 | medium | — | 5.5 | 7y ago | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access… | |||
| CVE-2019-12450 | medium | — | 5.5 | 7y ago | RHSA-2019:3530: glib2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6470 | medium | — | 5.5 | 7y ago | RHSA-2019:3525: dhcp security and bug fix update (Moderate) | |||
| CVE-2019-3823 | medium | — | 5.5 | 7y ago | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL termi… | |||
| CVE-2019-0161 | medium | — | 5.5 | 7y ago | RHSA-2019:3338: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-5010 | medium | — | 5.5 | 7y ago | RHSA-2019:3520: python3 security and bug fix update (Moderate) | |||
| CVE-2019-10143 | medium | — | 5.5 | 7y ago | RHSA-2019:3353: freeradius:3.0 security and bug fix update (Moderate) | |||
| CVE-2019-2510 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-12749 | medium | — | 5.5 | 7y ago | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofi… | |||
| CVE-2019-3880 | medium | — | 5.5 | 7y ago | RHSA-2019:3582: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-3890 | medium | — | 5.5 | 7y ago | RHSA-2019:3699: evolution security and bug fix update (Moderate) | |||
| CVE-2019-3822 | medium | — | 5.5 | 7y ago | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_mess… | |||
| CVE-2019-12779 | medium | — | 5.5 | 7y ago | RHSA-2019:3610: libqb security and bug fix update (Moderate) | |||
| CVE-2019-9893 | medium | — | 5.5 | 7y ago | RHSA-2019:3624: libseccomp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-1000019 | medium | — | 5.5 | 7y ago | RHSA-2019:3698: libarchive security and bug fix update (Moderate) | |||
| CVE-2019-1000020 | medium | — | 5.5 | 7y ago | RHSA-2019:3698: libarchive security and bug fix update (Moderate) | |||
| CVE-2019-3836 | medium | — | 5.5 | 7y ago | RHSA-2019:3600: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-3829 | medium | — | 5.5 | 7y ago | RHSA-2019:3600: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-3817 | medium | — | 5.5 | 7y ago | RHSA-2019:3583: yum security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-3814 | medium | — | 5.5 | 7y ago | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could … | |||
| CVE-2019-16942 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-2945 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2981 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2975 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2973 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2964 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2978 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2962 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2983 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2989 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) |