VIR Vulnerability Intelligence Relay

CVEs from 2019

3,602 normalized CVEs published or assigned in this year.

Total
3,602
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
6.4%
% with KEV
3.3%
% with exploit
3.4%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-25036 medium 5.5 Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound i… suserockylinuxdebian
CVE-2019-25039 medium 5.5 Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unboun… suserockylinuxdebian
CVE-2019-25041 medium 5.5 Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unboun… suserockylinuxdebian
CVE-2019-15945 medium 5.5 OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. archsusedebian
CVE-2019-6502 medium 5.5 sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. archsusedebian
CVE-2019-6128 medium 5.5 The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. archsusedebian
CVE-2019-6476 medium 5.5 A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.… debianarchsuse
CVE-2019-8396 medium 5.5 A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while rep… archsusedebian
CVE-2019-7663 medium 5.5 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote… archsusedebian
CVE-2019-15946 medium 5.5 OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. archsusedebian
CVE-2019-16927 medium 5.5 Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. archsusedebian
CVE-2019-14833 medium 5.5 A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Sam… archsusedebian
CVE-2019-3842 medium 5.5 In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular config… suserockylinuxdebian
CVE-2019-10146 medium 5.5 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinux
CVE-2019-11494 medium 5.5 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. archdebian
CVE-2019-25034 medium 5.5 Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be… suserockylinuxdebian
CVE-2019-18281 medium 5.5 An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an a… rockylinuxdebian
CVE-2019-15166 medium 5.5 lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. suserockylinuxdebian
CVE-2019-7149 medium 5.5 A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-servi… archdebian
CVE-2019-7148 medium 5.5 An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denia… archdebian
CVE-2019-10691 medium 5.5 The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. archsusedebian
CVE-2019-11499 medium 5.5 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. archdebian
CVE-2019-25042 medium 5.5 Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound … suserockylinuxdebian
CVE-2019-15892 medium 5.5 An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests… rockylinuxdebian
CVE-2019-20637 medium 5.5 An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next re… rockylinuxdebian
CVE-2019-25597 medium 5.5 5.5 2mo ago NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers …
CVE-2019-17543 medium 5.5 11mo ago Moderate: lz4 security update rockylinuxsusedebian
CVE-2019-19012 medium 5.5 1y ago Moderate: oniguruma security update rockylinuxdebian
CVE-2019-12900 medium 5.5 1y ago Moderate: bzip2 security update redhatdebianrockylinuxsuse
CVE-2019-25162 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… redhatrockylinuxsusedebian
CVE-2019-15505 medium 5.5 2y ago drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). rockylinuxsusedebian
CVE-2019-13631 medium 5.5 2y ago In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… suserockylinuxdebian
CVE-2019-16163 medium 5.5 2y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-19204 medium 5.5 2y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-13224 medium 5.5 2y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-19203 medium 5.5 2y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-19499 medium 5.5 2y ago Moderate: grafana security, bug fix, and enhancement update susegolang
CVE-2019-14560 medium 5.5 3y ago Moderate: edk2 security, bug fix, and enhancement update archredhatsuse
CVE-2019-19921 medium 5.5 3y ago Moderate: container-tools:rhel8 security, bug fix, and enhancement update rockylinuxredhatdebiangolang
CVE-2019-25058 medium 5.5 3y ago An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. redhatsuserockylinuxdebian
CVE-2019-14809 medium 5.5 4y ago Incorrect parsing validation in net/url archgolang
CVE-2019-6446 medium 5.5 4y ago Moderate: python27:2.7 security and bug fix update suserockylinuxpython
CVE-2019-17596 medium 5.5 4y ago Panic on invalid DSA public keys in crypto/dsa archsusegolang
CVE-2019-10383 medium 5.5 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins archjava
CVE-2019-10384 medium 5.5 4y ago Cross-Site Request Forgery in Jenkins archjava
CVE-2019-6486 medium 5.5 4y ago Denial of service affecting P-521 and P-384 curves in crypto/elliptic archsusegolang
CVE-2019-11236 medium 5.5 4y ago Moderate: python27:2.7 security, bug fix, and enhancement update rockylinuxdebianpython
CVE-2019-1003049 medium 5.5 4y ago Insufficient Session Expiration in Jenkins archjava
CVE-2019-1003050 medium 5.5 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins archjava
CVE-2019-25051 medium 5.5 4y ago Moderate: aspell security update debianarchsuserockylinux
CVE-2019-19004 medium 5.5 5y ago Moderate: autotrace security update
CVE-2019-19005 medium 5.5 5y ago Moderate: autotrace security update
CVE-2019-17594 medium 5.5 5y ago Moderate: ncurses security update suserockylinuxdebian
CVE-2019-17595 medium 5.5 5y ago Moderate: ncurses security update suserockylinuxdebian
CVE-2019-13750 medium 5.5 5y ago Moderate: sqlite security update archdebianrockylinux
CVE-2019-5827 medium 5.5 5y ago Moderate: sqlite security update debianrockylinux
CVE-2019-13751 medium 5.5 5y ago Moderate: sqlite security update archdebianrockylinux
CVE-2019-19603 medium 5.5 5y ago Moderate: sqlite security update suserockylinuxdebian
CVE-2019-18218 medium 5.5 5y ago Moderate: file security update archsusedebianrockylinux
CVE-2019-14615 medium 5.5 5y ago Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… susedebian
CVE-2019-12973 medium 5.5 5y ago Moderate: openjpeg2 security update archsuserockylinuxdebian
CVE-2019-15845 medium 5.5 5y ago Moderate: ruby:2.5 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-16201 medium 5.5 5y ago Moderate: ruby:2.6 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-16254 medium 5.5 5y ago Moderate: ruby:2.6 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-16255 medium 5.5 5y ago Moderate: ruby:2.6 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-20916 medium 5.5 5y ago Moderate: python27:2.7 security update suserockylinuxdebianpython
CVE-2019-16168 medium 5.5 5y ago Moderate: mingw packages security and bug fix update rockylinuxsusedebian
CVE-2019-20839 medium 5.5 5y ago Moderate: libvncserver security update suserockylinuxdebian
CVE-2019-13012 medium 5.5 5y ago Moderate: GNOME security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-9169 medium 5.5 5y ago Moderate: glibc security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-25013 medium 5.5 5y ago Moderate: glibc security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-20477 medium 5.5 5y ago Moderate: python38:3.8 security, bug fix, and enhancement update rockylinuxdebianpython
CVE-2019-13225 medium 5.5 6y ago Moderate: php:7.3 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-10097 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-10098 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-0197 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchrockylinux
CVE-2019-10081 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-10092 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-0196 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchsuserockylinux
CVE-2019-10082 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-12520 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-18677 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12521 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-12529 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12528 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12854 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-18676 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12526 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-12523 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-18678 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-12524 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-18860 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-18679 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-20446 medium 5.5 6y ago Moderate: librsvg2 security update suserockylinuxdebian
CVE-2019-3833 medium 5.5 6y ago Moderate: openwsman security update suserockylinux
CVE-2019-20485 medium 5.5 6y ago Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-6977 medium 5.5 6y ago Moderate: gd security update archsusedebianrockylinux
CVE-2019-20907 medium 5.5 6y ago Moderate: python38:3.8 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-17546 medium 5.5 6y ago tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, rela… susedebianrockylinux
CVE-2019-9232 medium 5.5 6y ago Moderate: libvpx security update suserockylinuxdebian