CVEs from 2019
Total
3,158
critical
critical 227
high
high 474
medium
medium 476
low
low 94
% Critical
7.2%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8720 | medium | — | 7.0 | 4y ago | WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution. | |||
| CVE-2019-6109 | medium | 6.8 | 6.8 | 7y ago | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the… | |||
| CVE-2019-8341 | medium | — | 6.5 | — | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then ret… | |||
| CVE-2019-25720 | medium | 6.5 | 6.5 | 13h ago | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot th… | |||
| CVE-2019-25724 | medium | 6.5 | 6.5 | 1d ago | Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinit… | |||
| CVE-2019-25721 | medium | 6.5 | 6.5 | 1d ago | Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigg… | |||
| CVE-2019-25716 | medium | 6.5 | 6.5 | 2d ago | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet… | |||
| CVE-2019-15794 | medium | — | 6.5 | 5y ago | Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the or… | |||
| CVE-2019-16168 | medium | 6.5 | 6.5 | 5y ago | RHSA-2021:1968: mingw packages security and bug fix update (Moderate) | |||
| CVE-2019-3842 | medium | — | 6.5 | 5y ago | RHSA-2021:1611: systemd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10098 | medium | — | 6.5 | 6y ago | In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL wi… | |||
| CVE-2019-10092 | medium | — | 6.5 | 6y ago | In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instea… | |||
| CVE-2019-6977 | medium | — | 6.5 | 6y ago | RHSA-2020:4659: gd security update (Moderate) | |||
| CVE-2019-8820 | medium | — | 6.5 | 6y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCl… | |||
| CVE-2019-3843 | medium | — | 6.5 | 6y ago | RHSA-2020:1794: systemd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9851 | medium | — | 6.5 | 6y ago | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection … | |||
| CVE-2019-3844 | medium | — | 6.5 | 6y ago | RHSA-2020:1794: systemd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11135 | medium | 6.5 | 6.5 | 6y ago | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | |||
| CVE-2019-8649 | medium | — | 6.5 | 7y ago | A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1… | |||
| CVE-2019-8765 | medium | — | 6.5 | 7y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2019-6706 | medium | — | 6.5 | 7y ago | RHSA-2019:3706: lua security and bug fix update (Moderate) | |||
| CVE-2019-6111 | medium | — | 6.5 | 7y ago | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only perf… | |||
| CVE-2019-10990 | medium | 6.5 | 6.5 | 7y ago | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to… | |||
| CVE-2019-6576 | medium | 6.5 | 6.5 | 7y ago | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KT… | |||
| CVE-2019-6129 | medium | 6.5 | 6.5 | 8y ago | png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer. | |||
| CVE-2019-25648 | medium | 6.2 | 6.2 | 2mo ago | MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. A… | |||
| CVE-2019-10955 | medium | 6.1 | 6.1 | 7y ago | In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and e… | |||
| CVE-2019-11840 | medium | 5.9 | 5.9 | 7y ago | An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/… | |||
| CVE-2019-11091 | medium | 5.6 | 5.6 | 7y ago | Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable informati… | |||
| CVE-2019-10209 | medium | — | 5.5 | — | multiple issues in postgresql-libs, postgresql | |||
| CVE-2019-6988 | medium | — | 5.5 | — | An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_… | |||
| CVE-2019-19918 | medium | — | 5.5 | — | arbitrary code execution in lout | |||
| CVE-2019-5717 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. | |||
| CVE-2019-5719 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data blo… | |||
| CVE-2019-20093 | medium | — | 5.5 | — | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtrac… | |||
| CVE-2019-11499 | medium | — | 5.5 | — | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. | |||
| CVE-2019-9199 | medium | — | 5.5 | — | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose bi… | |||
| CVE-2019-3832 | medium | — | 5.5 | — | It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this… | |||
| CVE-2019-7663 | medium | — | 5.5 | — | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote… | |||
| CVE-2019-3807 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properl… | |||
| CVE-2019-8398 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. | |||
| CVE-2019-5718 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. | |||
| CVE-2019-8397 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |||
| CVE-2019-6128 | medium | — | 5.5 | — | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | |||
| CVE-2019-10691 | medium | — | 5.5 | — | The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. | |||
| CVE-2019-11494 | medium | — | 5.5 | — | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | |||
| CVE-2019-6291 | medium | — | 5.5 | — | An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself … | |||
| CVE-2019-13615 | medium | — | 5.5 | — | libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | |||
| CVE-2019-12210 | medium | — | 5.5 | — | In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descr… | |||
| CVE-2019-6290 | medium | — | 5.5 | — | An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, be… | |||
| CVE-2019-6476 | medium | — | 5.5 | — | A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.… | |||
| CVE-2019-17498 | medium | — | 5.5 | — | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a s… | |||
| CVE-2019-14847 | medium | — | 5.5 | — | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not po… | |||
| CVE-2019-19480 | medium | — | 5.5 | — | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. | |||
| CVE-2019-9687 | medium | — | 5.5 | — | PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. | |||
| CVE-2019-14833 | medium | — | 5.5 | — | A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Sam… | |||
| CVE-2019-12209 | medium | — | 5.5 | — | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks syml… | |||
| CVE-2019-6475 | medium | — | 5.5 | — | Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to D… | |||
| CVE-2019-20790 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM fi… | |||
| CVE-2019-19917 | medium | — | 5.5 | — | arbitrary code execution in lout | |||
| CVE-2019-10723 | medium | — | 5.5 | — | An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. | |||
| CVE-2019-19721 | medium | — | 5.5 | — | An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted i… | |||
| CVE-2019-5716 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | |||
| CVE-2019-16927 | medium | — | 5.5 | — | Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | |||
| CVE-2019-16378 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel… | |||
| CVE-2019-7148 | medium | — | 5.5 | — | An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denia… | |||
| CVE-2019-3806 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly… | |||
| CVE-2019-17567 | medium | — | 5.5 | — | Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing … | |||
| CVE-2019-6502 | medium | — | 5.5 | — | sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. | |||
| CVE-2019-8396 | medium | — | 5.5 | — | A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while rep… | |||
| CVE-2019-25597 | medium | 5.5 | 5.5 | 2mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |||
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | RHSA-2025:11035: lz4 security update (Moderate) | |||
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | RHSA-2025:0733: bzip2 security and bug fix update (Moderate) | |||
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |||
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |||
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… | |||
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | RHSA-2024:0889: oniguruma security update (Moderate) | |||
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | RHSA-2023:6919: edk2 security and bug fix update (Moderate) | |||
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | RHSA-2023:0087: usbguard security update (Moderate) | |||
| CVE-2019-25033 | medium | — | 5.5 | 4y ago | RHSA-2022:7622: unbound security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | RHSA-2019:3704: numpy security update (Moderate) | |||
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |||
| CVE-2019-16276 | medium | — | 5.5 | 4y ago | RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | RHSA-2022:1808: aspell security update (Moderate) | |||
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | RHSA-2021:4519: autotrace security update (Moderate) | |||
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | RHSA-2021:4426: ncurses security update (Moderate) |