CVEs from 2019
Total
3,413
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%
Top products
- u-boot 20
- nsauditor 1
- crypto 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-7150 | medium | — | 5.5 | — | An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn dat… | |
| CVE-2019-6290 | medium | — | 5.5 | — | An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, be… | |
| CVE-2019-12210 | medium | — | 5.5 | — | In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descr… | |
| CVE-2019-14847 | medium | — | 5.5 | — | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not po… | |
| CVE-2019-10218 | medium | — | 5.5 | — | A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the cl… | |
| CVE-2019-16378 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel… | |
| CVE-2019-12420 | medium | — | 5.5 | — | In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publ… | |
| CVE-2019-14889 | medium | — | 5.5 | — | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided… | |
| CVE-2019-5719 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data blo… | |
| CVE-2019-5717 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. | |
| CVE-2019-12209 | medium | — | 5.5 | — | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks syml… | |
| CVE-2019-5716 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | |
| CVE-2019-5481 | medium | — | 5.5 | — | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |
| CVE-2019-25040 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound in… | |
| CVE-2019-25037 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulner… | |
| CVE-2019-25032 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Un… | |
| CVE-2019-19480 | medium | — | 5.5 | — | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. | |
| CVE-2019-10208 | medium | — | 5.5 | — | multiple issues in postgresql-libs, postgresql | |
| CVE-2019-13615 | medium | — | 5.5 | — | libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | |
| CVE-2019-7665 | medium | — | 5.5 | — | In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of s… | |
| CVE-2019-17567 | medium | — | 5.5 | — | multiple issues in apache | |
| CVE-2019-7149 | medium | — | 5.5 | — | A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-servi… | |
| CVE-2019-3807 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properl… | |
| CVE-2019-3806 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly… | |
| CVE-2019-15166 | medium | — | 5.5 | — | lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. | |
| CVE-2019-25597 | medium | 5.5 | 5.5 | 2mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | Moderate: lz4 security update | |
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | Moderate: oniguruma security update | |
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | Moderate: bzip2 security update | |
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… | |
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | Moderate: edk2 security, bug fix, and enhancement update | |
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. | |
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | Incorrect parsing validation in net/url | |
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security and bug fix update | |
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | Panic on invalid DSA public keys in crypto/dsa | |
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | Cross-Site Request Forgery in Jenkins | |
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security, bug fix, and enhancement update | |
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | Insufficient Session Expiration in Jenkins | |
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | Moderate: aspell security update | |
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |
| CVE-2019-17594 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |
| CVE-2019-13750 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-13751 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-19603 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-5827 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-18218 | medium | — | 5.5 | 5y ago | Moderate: file security update | |
| CVE-2019-14615 | medium | — | 5.5 | 5y ago | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… | |
| CVE-2019-12973 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2019-15845 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-16201 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | Moderate: python27:2.7 security update | |
| CVE-2019-16168 | medium | — | 5.5 | 5y ago | Moderate: mingw packages security and bug fix update | |
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | Moderate: libvncserver security update | |
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |
| CVE-2019-13225 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-0196 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10097 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10092 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10098 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10082 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-0197 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10081 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-12526 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12854 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18677 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18679 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12524 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12520 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18676 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18678 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18860 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12521 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12528 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12523 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12529 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-20446 | medium | — | 5.5 | 6y ago | Moderate: librsvg2 security update | |
| CVE-2019-3833 | medium | — | 5.5 | 6y ago | Moderate: openwsman security update | |
| CVE-2019-20485 | medium | — | 5.5 | 6y ago | Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update | |
| CVE-2019-6977 | medium | — | 5.5 | 6y ago | Moderate: gd security update | |
| CVE-2019-20907 | medium | — | 5.5 | 6y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |
| CVE-2019-17546 | medium | — | 5.5 | 6y ago | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, rela… | |
| CVE-2019-9433 | medium | — | 5.5 | 6y ago | Moderate: libvpx security update |