CVEs from 2019
Total
3,163
critical
critical 231
high
high 484
medium
medium 483
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13038 | medium | — | 5.5 | 6y ago | RHSA-2020:1660: mod_auth_mellon security and bug fix update (Moderate) | |||
| CVE-2019-13456 | medium | — | 5.5 | 6y ago | RHSA-2020:1672: freeradius:3.0 security update (Moderate) | |||
| CVE-2019-18277 | medium | — | 5.5 | 6y ago | RHSA-2020:1725: haproxy security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14973 | medium | — | 5.5 | 6y ago | RHSA-2020:1688: libtiff security update (Moderate) | |||
| CVE-2019-5481 | medium | — | 5.5 | 6y ago | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||
| CVE-2019-14907 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19924 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-19959 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-5188 | medium | — | 5.5 | 6y ago | RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-8457 | medium | — | 5.5 | 6y ago | RHSA-2020:1810: sqlite security and bug fix update (Moderate) | |||
| CVE-2019-1547 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-1549 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-1563 | medium | — | 5.5 | 6y ago | RHSA-2020:1840: openssl security and bug fix update (Moderate) | |||
| CVE-2019-6477 | medium | — | 5.5 | 6y ago | RHSA-2020:1845: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-15847 | medium | — | 5.5 | 6y ago | RHSA-2020:1864: gcc security and bug fix update (Moderate) | |||
| CVE-2019-5094 | medium | — | 5.5 | 6y ago | RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10197 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10218 | medium | — | 5.5 | 6y ago | RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-17042 | medium | — | 5.5 | 6y ago | RHSA-2020:1702: rsyslog security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-19923 | medium | — | 5.5 | 6y ago | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inc… | |||
| CVE-2019-17041 | medium | — | 5.5 | 6y ago | RHSA-2020:1702: rsyslog security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14563 | medium | — | 5.5 | 6y ago | RHSA-2020:1712: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18934 | medium | — | 5.5 | 6y ago | RHSA-2020:1716: unbound security update (Moderate) | |||
| CVE-2019-19330 | medium | — | 5.5 | 6y ago | RHSA-2020:1725: haproxy security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14818 | medium | — | 5.5 | 6y ago | RHSA-2020:1735: dpdk security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-5436 | medium | — | 5.5 | 6y ago | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |||
| CVE-2019-19232 | medium | — | 5.5 | 6y ago | In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The so… | |||
| CVE-2019-19234 | medium | — | 5.5 | 6y ago | In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to… | |||
| CVE-2019-15695 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15691 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15693 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15694 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-15692 | medium | — | 5.5 | 6y ago | RHSA-2020:1497: tigervnc security update (Moderate) | |||
| CVE-2019-19527 | medium | — | 5.5 | 6y ago | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | |||
| CVE-2019-18660 | medium | — | 5.5 | 6y ago | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/… | |||
| CVE-2019-15031 | medium | — | 5.5 | 6y ago | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a trans… | |||
| CVE-2019-15030 | medium | — | 5.5 | 6y ago | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local… | |||
| CVE-2019-20892 | medium | — | 5.5 | 6y ago | RHBA-2020:1376: net-snmp bug fix and enhancement update (Moderate) | |||
| CVE-2019-18874 | medium | — | 5.5 | 6y ago | RHSA-2021:4324: python-psutil security update (Moderate) | |||
| CVE-2019-20330 | medium | — | 5.5 | 6y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10164 | medium | — | 5.5 | 6y ago | RHSA-2020:3669: postgresql:10 security and bug fix update (Moderate) | |||
| CVE-2019-14865 | medium | — | 5.5 | 6y ago | RHSA-2020:0335: grub2 security update (Moderate) | |||
| CVE-2019-17631 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2996 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-8688 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8644 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8707 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processin… | |||
| CVE-2019-8658 | medium | — | 5.5 | 7y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows… | |||
| CVE-2019-8683 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8821 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8763 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows… | |||
| CVE-2019-8684 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-8822 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windo… | |||
| CVE-2019-8680 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8733 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processin… | |||
| CVE-2019-8678 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for … | |||
| CVE-2019-8674 | medium | — | 5.5 | 7y ago | A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. | |||
| CVE-2019-8719 | medium | — | 5.5 | 7y ago | A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafte… | |||
| CVE-2019-8669 | medium | — | 5.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6… | |||
| CVE-2019-17531 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16943 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-18224 | medium | — | 5.5 | 7y ago | RHBA-2019:3621: libidn2 bug fix and enhancement update (Moderate) | |||
| CVE-2019-13345 | medium | — | 5.5 | 7y ago | RHSA-2019:3476: squid:4 security and bug fix update (Moderate) | |||
| CVE-2019-9947 | medium | — | 5.5 | 7y ago | RHSA-2019:3520: python3 security and bug fix update (Moderate) | |||
| CVE-2019-9948 | medium | — | 5.5 | 7y ago | RHSA-2019:3520: python3 security and bug fix update (Moderate) | |||
| CVE-2019-9740 | medium | — | 5.5 | 7y ago | RHSA-2019:3520: python3 security and bug fix update (Moderate) | |||
| CVE-2019-0160 | medium | — | 5.5 | 7y ago | RHSA-2019:3338: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-1000019 | medium | — | 5.5 | 7y ago | RHSA-2019:3698: libarchive security and bug fix update (Moderate) | |||
| CVE-2019-3880 | medium | — | 5.5 | 7y ago | RHSA-2019:3582: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-0161 | medium | — | 5.5 | 7y ago | RHSA-2019:3338: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-1000020 | medium | — | 5.5 | 7y ago | RHSA-2019:3698: libarchive security and bug fix update (Moderate) | |||
| CVE-2019-15718 | medium | — | 5.5 | 7y ago | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access… | |||
| CVE-2019-6470 | medium | — | 5.5 | 7y ago | RHSA-2019:3525: dhcp security and bug fix update (Moderate) | |||
| CVE-2019-2510 | medium | — | 5.5 | 7y ago | RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2019-5010 | medium | — | 5.5 | 7y ago | RHSA-2019:3520: python3 security and bug fix update (Moderate) | |||
| CVE-2019-3822 | medium | — | 5.5 | 7y ago | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_mess… | |||
| CVE-2019-12749 | medium | — | 5.5 | 7y ago | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofi… | |||
| CVE-2019-3814 | medium | — | 5.5 | 7y ago | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could … | |||
| CVE-2019-0220 | medium | — | 5.5 | 7y ago | A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule… | |||
| CVE-2019-10143 | medium | — | 5.5 | 7y ago | RHSA-2019:3353: freeradius:3.0 security and bug fix update (Moderate) | |||
| CVE-2019-3890 | medium | — | 5.5 | 7y ago | RHSA-2019:3699: evolution security and bug fix update (Moderate) | |||
| CVE-2019-12779 | medium | — | 5.5 | 7y ago | RHSA-2019:3610: libqb security and bug fix update (Moderate) | |||
| CVE-2019-3829 | medium | — | 5.5 | 7y ago | RHSA-2019:3600: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-3877 | medium | — | 5.5 | 7y ago | RHSA-2019:3421: mod_auth_mellon security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-0217 | medium | — | 5.5 | 7y ago | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another usern… | |||
| CVE-2019-3836 | medium | — | 5.5 | 7y ago | RHSA-2019:3600: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-12450 | medium | — | 5.5 | 7y ago | RHSA-2019:3530: glib2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9893 | medium | — | 5.5 | 7y ago | RHSA-2019:3624: libseccomp security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-3817 | medium | — | 5.5 | 7y ago | RHSA-2019:3583: yum security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-3823 | medium | — | 5.5 | 7y ago | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL termi… | |||
| CVE-2019-16942 | medium | — | 5.5 | 7y ago | RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-2973 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2964 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2978 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2999 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2962 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2945 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2989 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2992 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2019-2988 | medium | — | 5.5 | 7y ago | RHSA-2020:0046: java-1.8.0-ibm security update (Moderate) |