CVEs from 2019
- Total: 4,212
- Critical: 232
- High: 331
- Medium: 302
- Low: 72
- % Critical: 5.5%
- % with KEV: 2.8%
- % with exploit: 2.9%
Top products
- u-boot 20
- nsauditor 1
- crypto 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-7481 | unknown | — | 1.5 | 5y ago | SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. | |
| CVE-2019-18988 | unknown | — | 1.5 | 5y ago | TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt p… | |
| CVE-2019-8394 | unknown | — | 1.5 | 5y ago | Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization. | |
| CVE-2019-20085 | unknown | — | 1.5 | 5y ago | TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests. | |
| CVE-2019-1367 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context o… | |
| CVE-2019-11580 | unknown | — | 1.5 | 5y ago | Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds. | |
| CVE-2019-1653 | unknown | — | 1.5 | 5y ago | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diag… | |
| CVE-2019-0708 | unknown | — | 1.5 | 5y ago | Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send… | |
| CVE-2019-6223 | unknown | — | 1.5 | 5y ago | Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction. | |
| CVE-2019-3396 | unknown | — | 1.5 | 5y ago | Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution. | |
| CVE-2019-18935 | unknown | — | 1.5 | 5y ago | Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe proce… | |
| CVE-2019-0604 | unknown | — | 1.5 | 5y ago | Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint applica… | |
| CVE-2019-3398 | unknown | — | 1.5 | 5y ago | Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can… | |
| CVE-2019-0808 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode. | |
| CVE-2019-17558 | unknown | — | 1.5 | 6y ago | The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution. | |
| CVE-2019-10758 | unknown | — | 1.5 | 7y ago | mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. | |
| CVE-2019-0193 | unknown | — | 1.5 | 7y ago | The optional Apache Solr module DataImportHandler contains a code injection vulnerability. | |
| CVE-2019-6340 | unknown | — | 1.5 | 7y ago | In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. | |
| CVE-2019-10226 | unknown | — | 1.0 | 4y ago | Fat Free CRM Cross-site Scripting vulnerability | |
| CVE-2019-1999 | unknown | — | — | — | In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privi… | |
| CVE-2019-2025 | unknown | — | — | — | In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges n… | |