CVEs from 2019
Total
3,412
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%
Top products
- u-boot 20
- nsauditor 1
- crypto 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-7149 | medium | — | 5.5 | — | A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-servi… | |
| CVE-2019-17498 | medium | — | 5.5 | — | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a s… | |
| CVE-2019-8341 | medium | — | 5.5 | — | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then ret… | |
| CVE-2019-3842 | medium | — | 5.5 | — | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular config… | |
| CVE-2019-15946 | medium | — | 5.5 | — | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. | |
| CVE-2019-7663 | medium | — | 5.5 | — | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote… | |
| CVE-2019-13232 | medium | — | 5.5 | — | Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. | |
| CVE-2019-20790 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM fi… | |
| CVE-2019-6128 | medium | — | 5.5 | — | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | |
| CVE-2019-17006 | medium | — | 5.5 | — | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the in… | |
| CVE-2019-16680 | medium | — | 5.5 | — | Moderate: file-roller security update | |
| CVE-2019-7664 | medium | — | 5.5 | — | In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial… | |
| CVE-2019-6475 | medium | — | 5.5 | — | Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to D… | |
| CVE-2019-7150 | medium | — | 5.5 | — | An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn dat… | |
| CVE-2019-12210 | medium | — | 5.5 | — | In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descr… | |
| CVE-2019-14847 | medium | — | 5.5 | — | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not po… | |
| CVE-2019-14889 | medium | — | 5.5 | — | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided… | |
| CVE-2019-12209 | medium | — | 5.5 | — | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks syml… | |
| CVE-2019-17567 | medium | — | 5.5 | — | multiple issues in apache | |
| CVE-2019-15892 | medium | — | 5.5 | — | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests… | |
| CVE-2019-5482 | medium | — | 5.5 | — | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | |
| CVE-2019-25042 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound … | |
| CVE-2019-13627 | medium | — | 5.5 | — | Moderate: libgcrypt security, bug fix, and enhancement update | |
| CVE-2019-17023 | medium | — | 5.5 | — | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state,… | |
| CVE-2019-6988 | medium | — | 5.5 | — | An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_… | |
| CVE-2019-25597 | medium | 5.5 | 5.5 | 2mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | Moderate: lz4 security update | |
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | Moderate: oniguruma security update | |
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | Moderate: bzip2 security update | |
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… | |
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | Moderate: edk2 security, bug fix, and enhancement update | |
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | Moderate: usbguard security update | |
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | Incorrect parsing validation in net/url | |
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security and bug fix update | |
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | Panic on invalid DSA public keys in crypto/dsa | |
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | Cross-Site Request Forgery in Jenkins | |
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security, bug fix, and enhancement update | |
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | Insufficient Session Expiration in Jenkins | |
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | Moderate: aspell security update | |
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |
| CVE-2019-17594 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |
| CVE-2019-19603 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-13751 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-13750 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-5827 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-18218 | medium | — | 5.5 | 5y ago | Moderate: file security update | |
| CVE-2019-14615 | medium | — | 5.5 | 5y ago | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… | |
| CVE-2019-12973 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2019-15845 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-16201 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | Moderate: python27:2.7 security update | |
| CVE-2019-16168 | medium | — | 5.5 | 5y ago | Moderate: mingw packages security and bug fix update | |
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | Moderate: libvncserver security update | |
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |
| CVE-2019-13225 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-0197 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10092 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10097 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10082 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-0196 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10098 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10081 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-18678 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12524 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18860 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18676 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18679 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12854 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12529 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12523 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12520 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12526 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12528 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18677 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12521 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-20446 | medium | — | 5.5 | 6y ago | Moderate: librsvg2 security update | |
| CVE-2019-3833 | medium | — | 5.5 | 6y ago | Moderate: openwsman security update | |
| CVE-2019-20485 | medium | — | 5.5 | 6y ago | Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update | |
| CVE-2019-6977 | medium | — | 5.5 | 6y ago | Moderate: gd security update | |
| CVE-2019-20907 | medium | — | 5.5 | 6y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |
| CVE-2019-17546 | medium | — | 5.5 | 6y ago | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, rela… | |
| CVE-2019-2126 | medium | — | 5.5 | 6y ago | Moderate: libvpx security update |