CVEs from 2019
Total: 3,413
- critical 232
- high 332
- medium 301
- low 72

% Critical: 6.8%
% with KEV: 3.5%
% with exploit: 3.5%
Top products
- u-boot 20
- nsauditor 1
- crypto 1

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-13720 | critical | — | 10.0 | 4y ago | arbitrary code execution in chromium | |
| CVE-2019-11707 | critical | — | 10.0 | 4y ago | Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. | |
| CVE-2019-11043 | critical | — | 10.0 | 4y ago | Critical: php:7.2 security update | |
| CVE-2019-16928 | critical | — | 10.0 | 4y ago | Exim contains an out-of-bounds write vulnerability which can allow for remote code execution. | |
| CVE-2019-10149 | critical | — | 10.0 | 4y ago | Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | |
| CVE-2019-17026 | critical | — | 10.0 | 5y ago | Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements. | |
| CVE-2019-0211 | critical | — | 10.0 | 5y ago | Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute c… | |
| CVE-2019-11708 | high | — | 9.5 | 4y ago | Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. | |
| CVE-2019-5786 | high | — | 9.5 | 6y ago | arbitrary code execution in chromium | |
| CVE-2019-8720 | medium | — | 7.0 | 4y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8506 | low | — | 4.0 | 4y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-2215 | unknown | — | 2.5 | 5y ago | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require… | |
| CVE-2019-5418 | unknown | — | 2.5 | 7y ago | Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server… | |
| CVE-2019-19006 | unknown | — | 1.5 | 4mo ago | Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin. | |
| CVE-2019-9621 | unknown | — | 1.5 | 11mo ago | Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component. | |
| CVE-2019-6693 | unknown | — | 1.5 | 11mo ago | Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key. | |
| CVE-2019-9874 | unknown | — | 1.5 | 1y ago | Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending… | |
| CVE-2019-9875 | unknown | — | 1.5 | 1y ago | Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a… | |
| CVE-2019-11001 | unknown | — | 1.5 | 2y ago | Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail… | |
| CVE-2019-16278 | unknown | — | 1.5 | 2y ago | Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution. | |
| CVE-2019-0344 | unknown | — | 1.5 | 2y ago | SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection. | |
| CVE-2019-7256 | unknown | — | 1.5 | 2y ago | Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution. | |
| CVE-2019-20500 | unknown | — | 1.5 | 3y ago | D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?act… | |
| CVE-2019-17621 | unknown | — | 1.5 | 3y ago | D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by send… | |
| CVE-2019-8526 | unknown | — | 1.5 | 3y ago | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. | |
| CVE-2019-1388 | unknown | — | 1.5 | 3y ago | Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context. | |
| CVE-2019-8605 | unknown | — | 1.5 | 4y ago | A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. | |
| CVE-2019-15271 | unknown | — | 1.5 | 4y ago | A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges. | |
| CVE-2019-7193 | unknown | — | 1.5 | 4y ago | QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. | |
| CVE-2019-7192 | unknown | — | 1.5 | 4y ago | QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. | |
| CVE-2019-5825 | unknown | — | 1.5 | 4y ago | Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect m… | |
| CVE-2019-7194 | unknown | — | 1.5 | 4y ago | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | |
| CVE-2019-7195 | unknown | — | 1.5 | 4y ago | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | |
| CVE-2019-3010 | unknown | — | 1.5 | 4y ago | Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2019-1385 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. | |
| CVE-2019-7287 | unknown | — | 1.5 | 4y ago | Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. | |
| CVE-2019-0703 | unknown | — | 1.5 | 4y ago | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server. | |
| CVE-2019-1130 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. | |
| CVE-2019-0880 | unknown | — | 1.5 | 4y ago | A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system … | |
| CVE-2019-7286 | unknown | — | 1.5 | 4y ago | Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. | |
| CVE-2019-18426 | unknown | — | 1.5 | 4y ago | A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. | |
| CVE-2019-0676 | unknown | — | 1.5 | 4y ago | An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of fi… | |
| CVE-2019-1003030 | unknown | — | 1.5 | 4y ago | Sandbox bypass in Jenkins Pipeline: Groovy Plugin | |
| CVE-2019-1003029 | unknown | — | 1.5 | 4y ago | Sandbox bypass in Script Security Plugin | |
| CVE-2019-3568 | unknown | — | 1.5 | 4y ago | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. | |
| CVE-2019-3929 | unknown | — | 1.5 | 4y ago | Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system comma… | |
| CVE-2019-16057 | unknown | — | 1.5 | 4y ago | The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. | |
| CVE-2019-7483 | unknown | — | 1.5 | 4y ago | In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. | |
| CVE-2019-15107 | unknown | — | 1.5 | 4y ago | An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability. | |
| CVE-2019-12991 | unknown | — | 1.5 | 4y ago | Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. | |
| CVE-2019-12989 | unknown | — | 1.5 | 4y ago | Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. | |
| CVE-2019-16920 | unknown | — | 1.5 | 4y ago | Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise. | |
| CVE-2019-0903 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could… | |
| CVE-2019-10068 | unknown | — | 1.5 | 4y ago | Kentico contains a failure to validate security headers. This deserialization can lead to unauthenticated remote code execution. | |
| CVE-2019-2616 | unknown | — | 1.5 | 4y ago | Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for au… | |
| CVE-2019-1129 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | |
| CVE-2019-1405 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation. | |
| CVE-2019-0841 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | |
| CVE-2019-0543 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated conte… | |
| CVE-2019-1069 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations. | |
| CVE-2019-1132 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | |
| CVE-2019-1064 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | |
| CVE-2019-1315 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted fi… | |
| CVE-2019-1322 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated conte… | |
| CVE-2019-1253 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. | |
| CVE-2019-11581 | unknown | — | 1.5 | 4y ago | Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution. | |
| CVE-2019-1297 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. | |
| CVE-2019-1652 | unknown | — | 1.5 | 4y ago | A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges… | |
| CVE-2019-0752 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer | |
| CVE-2019-7609 | unknown | — | 1.5 | 4y ago | Kibana contains an arbitrary code execution flaw in the Timelion visualizer. | |
| CVE-2019-2725 | unknown | — | 1.5 | 4y ago | Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | |
| CVE-2019-9670 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component. | |
| CVE-2019-1458 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP. | |
| CVE-2019-1579 | unknown | — | 1.5 | 4y ago | Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled. | |
| CVE-2019-7238 | unknown | — | 1.5 | 5y ago | Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution. | |
| CVE-2019-13272 | unknown | — | 1.5 | 5y ago | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obta… | |
| CVE-2019-13608 | unknown | — | 1.5 | 5y ago | Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information. | |
| CVE-2019-19781 | unknown | — | 1.5 | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution. | |
| CVE-2019-4716 | unknown | — | 1.5 | 5y ago | IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. | |
| CVE-2019-5544 | unknown | — | 1.5 | 5y ago | VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the Op… | |
| CVE-2019-0541 | unknown | — | 1.5 | 5y ago | Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution. | |
| CVE-2019-0708 | unknown | — | 1.5 | 5y ago | Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send… | |
| CVE-2019-0797 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kern… | |
| CVE-2019-18187 | unknown | — | 1.5 | 5y ago | Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution. | |
| CVE-2019-1367 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context o… | |
| CVE-2019-3398 | unknown | — | 1.5 | 5y ago | Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can… | |
| CVE-2019-1653 | unknown | — | 1.5 | 5y ago | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diag… | |
| CVE-2019-0808 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode. | |
| CVE-2019-9082 | unknown | — | 1.5 | 5y ago | ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by… | |
| CVE-2019-15752 | unknown | — | 1.5 | 5y ago | Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop… | |
| CVE-2019-7481 | unknown | — | 1.5 | 5y ago | SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. | |
| CVE-2019-0803 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in k… | |
| CVE-2019-11510 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI. | |
| CVE-2019-16759 | unknown | — | 1.5 | 5y ago | The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | |
| CVE-2019-11634 | unknown | — | 1.5 | 5y ago | Citrix Workspace Application and Receiver for Windows contain a remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives. | |
| CVE-2019-11539 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands. | |
| CVE-2019-16256 | unknown | — | 1.5 | 5y ago | SIMalliance Toolbox Browser contains a command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying th… | |
| CVE-2019-19356 | unknown | — | 1.5 | 5y ago | Netis WF2419 devices contain an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page. | |
| CVE-2019-0863 | unknown | — | 1.5 | 5y ago | Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode. | |
| CVE-2019-5591 | unknown | — | 1.5 | 5y ago | Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Direc… |