CVEs from 2019
Total
3,162
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1069 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations. | |||
| CVE-2019-1064 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | |||
| CVE-2019-1315 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted fi… | |||
| CVE-2019-1129 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | |||
| CVE-2019-11581 | unknown | — | 1.5 | 4y ago | Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution. | |||
| CVE-2019-1297 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. | |||
| CVE-2019-1579 | unknown | — | 1.5 | 5y ago | Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled. | |||
| CVE-2019-7238 | unknown | — | 1.5 | 5y ago | Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution. | |||
| CVE-2019-18187 | unknown | — | 1.5 | 5y ago | Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution. | |||
| CVE-2019-0859 | unknown | — | 1.5 | 5y ago | Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. | |||
| CVE-2019-1214 | unknown | — | 1.5 | 5y ago | Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation. | |||
| CVE-2019-5544 | unknown | — | 1.5 | 5y ago | VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the Op… | |||
| CVE-2019-6223 | unknown | — | 1.5 | 5y ago | Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction. | |||
| CVE-2019-11634 | unknown | — | 1.5 | 5y ago | Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives. | |||
| CVE-2019-13608 | unknown | — | 1.5 | 5y ago | Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information. | |||
| CVE-2019-19356 | unknown | — | 1.5 | 5y ago | Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page. | |||
| CVE-2019-1367 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context o… | |||
| CVE-2019-5591 | unknown | — | 1.5 | 5y ago | Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Direc… | |||
| CVE-2019-16256 | unknown | — | 1.5 | 5y ago | SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying th… | |||
| CVE-2019-7481 | unknown | — | 1.5 | 5y ago | SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. | |||
| CVE-2019-0797 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kern… | |||
| CVE-2019-10758 | unknown | — | 1.5 | 7y ago | mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. | |||
| CVE-2019-0193 | unknown | — | 1.5 | 7y ago | The optional Apache Solr module DataImportHandler contains a code injection vulnerability. | |||
| CVE-2019-6110 | unknown | — | 1.0 | — | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI c… | |||
| CVE-2019-12928 | unknown | — | 1.0 | — | The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosu… | |||
| CVE-2019-6215 | unknown | — | 1.0 | — | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing malic… | |||
| CVE-2019-7303 | unknown | — | 1.0 | — | A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to ma… | |||
| CVE-2019-8375 | unknown | — | 1.0 | — | The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, whi… | |||
| CVE-2019-15791 | unknown | — | 1.0 | — | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem wit… | |||
| CVE-2019-7304 | unknown | — | 1.0 | — | Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37… | |||
| CVE-2019-15793 | unknown | — | 1.0 | — | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the l… | |||
| CVE-2019-15792 | unknown | — | 1.0 | — | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resu… | |||
| CVE-2019-9162 | unknown | — | 1.0 | — | In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and w… | |||
| CVE-2019-1999 | unknown | — | 1.0 | — | In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privi… | |||
| CVE-2019-19241 | unknown | — | 1.0 | — | In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and n… | |||
| CVE-2019-2025 | unknown | — | 1.0 | — | In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges n… | |||
| CVE-2019-10475 | unknown | — | 1.0 | 4y ago | Jenkins build-metrics Plugin reflected cross-site scripting vulnerability | |||
| CVE-2019-11932 | unknown | — | 1.0 | 4y ago | android-gif-drawable Double Free vulnerability | |||
| CVE-2019-10349 | unknown | — | 1.0 | 4y ago | Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting | |||
| CVE-2019-6588 | unknown | — | 1.0 | 4y ago | Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API | |||
| CVE-2019-0186 | unknown | — | 1.0 | 4y ago | Cross-site Scripting in Apache Pluto Chatroom demo | |||
| CVE-2019-1003001 | unknown | — | 1.0 | 4y ago | Jenkins Groovy Plugin sandbox bypass vulnerability | |||
| CVE-2019-1003002 | unknown | — | 1.0 | 4y ago | Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability | |||
| CVE-2019-1003000 | unknown | — | 1.0 | 4y ago | Protection Mechanism Failure in Jenkins Script Security Plugin | |||
| CVE-2019-6804 | unknown | — | 1.0 | 4y ago | Rundeck Community Edition vulnerable to Cross-site Scripting | |||
| CVE-2019-1003005 | unknown | — | 1.0 | 4y ago | Sandbox Bypass in Script Security Plugin | |||
| CVE-2019-0230 | unknown | — | 1.0 | 5y ago | Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts | |||
| CVE-2019-17554 | unknown | — | 1.0 | 6y ago | Improper Restriction of XML External Entity Reference in Apache Olingo | |||
| CVE-2019-13236 | unknown | — | 1.0 | 7y ago | XSS issues in the management interface | |||
| CVE-2019-13235 | unknown | — | 1.0 | 7y ago | XSS in login form | |||
| CVE-2019-13237 | unknown | — | 1.0 | 7y ago | Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms | |||
| CVE-2019-13234 | unknown | — | 1.0 | 7y ago | XSS in search engine | |||
| CVE-2019-11269 | unknown | — | 1.0 | 7y ago | Open Redirect in Spring Security OAuth | |||
| CVE-2019-0221 | unknown | — | 1.0 | 7y ago | The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by… | |||
| CVE-2019-3799 | unknown | — | 1.0 | 7y ago | Path Traversal in Spring Cloud Config | |||
| CVE-2019-0227 | unknown | — | 1.0 | 7y ago | Server Side Request Forgery in Apache Axis | |||
| CVE-2019-0232 | unknown | — | 1.0 | 7y ago | When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a b… | |||
| CVE-2019-3778 | unknown | — | 1.0 | 7y ago | spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability | |||
| CVE-2019-11754 | unknown | — | — | — | When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vuln… | |||
| CVE-2019-17541 | unknown | — | — | — | ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. | |||
| CVE-2019-11470 | unknown | — | — | — | The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image s… | |||
| CVE-2019-11472 | unknown | — | — | — | ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which… | |||
| CVE-2019-12974 | unknown | — | — | — | A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service … | |||
| CVE-2019-13136 | unknown | — | — | — | ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. | |||
| CVE-2019-13302 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. | |||
| CVE-2019-13304 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. | |||
| CVE-2019-13305 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. | |||
| CVE-2019-13306 | unknown | — | — | — | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. | |||
| CVE-2019-13391 | unknown | — | — | — | In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. | |||
| CVE-2019-16709 | unknown | — | — | — | ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | |||
| CVE-2019-14981 | unknown | — | — | — | In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a cr… | |||
| CVE-2019-15140 | unknown | — | — | — | coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab ima… | |||
| CVE-2019-16711 | unknown | — | — | — | ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | |||
| CVE-2019-17540 | unknown | — | — | — | ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. | |||
| CVE-2019-18853 | unknown | — | — | — | ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. | |||
| CVE-2019-19949 | unknown | — | — | — | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | |||
| CVE-2019-16159 | unknown | — | — | — | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included… | |||
| CVE-2019-17021 | unknown | — | — | — | During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windo… | |||
| CVE-2019-17019 | unknown | — | — | — | When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected … | |||
| CVE-2019-17018 | unknown | — | — | — | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. | |||
| CVE-2019-11751 | unknown | — | — | — | Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used t… | |||
| CVE-2019-5020 | unknown | — | — | — | An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, res… | |||
| CVE-2019-3815 | unknown | — | — | — | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_i… | |||
| CVE-2019-5871 | unknown | — | — | — | Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-5817 | unknown | — | — | — | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-5870 | unknown | — | — | — | Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2019-5845 | unknown | — | — | — | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-5816 | unknown | — | — | — | Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. | |||
| CVE-2019-15219 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. | |||
| CVE-2019-13683 | unknown | — | — | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2019-3870 | unknown | — | — | — | A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the insta… | |||
| CVE-2019-15098 | unknown | — | — | — | drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | |||
| CVE-2019-15117 | unknown | — | — | — | parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. | |||
| CVE-2019-15239 | unknown | — | — | — | In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability … | |||
| CVE-2019-15220 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. | |||
| CVE-2019-15222 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver. | |||
| CVE-2019-3824 | unknown | — | — | — | A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the L… | |||
| CVE-2019-15291 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop… | |||
| CVE-2019-15538 | unknown | — | — | — | An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsi… | |||
| CVE-2019-14902 | unknown | — | — | — | There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a… |