CVEs from 2019
Total
3,412
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%
Top products
- u-boot 20
- nsauditor 1
- crypto 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-16927 | medium | — | 5.5 | — | Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | |
| CVE-2019-19480 | medium | — | 5.5 | — | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. | |
| CVE-2019-8397 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |
| CVE-2019-6988 | medium | — | 5.5 | — | An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_… | |
| CVE-2019-14584 | medium | — | 5.5 | — | Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2019-8398 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. | |
| CVE-2019-17023 | medium | — | 5.5 | — | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state,… | |
| CVE-2019-11494 | medium | — | 5.5 | — | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | |
| CVE-2019-5481 | medium | — | 5.5 | — | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |
| CVE-2019-25040 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound in… | |
| CVE-2019-25037 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulner… | |
| CVE-2019-25032 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Un… | |
| CVE-2019-5718 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. | |
| CVE-2019-3832 | medium | — | 5.5 | — | It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this… | |
| CVE-2019-10146 | medium | — | 5.5 | — | Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update | |
| CVE-2019-7665 | medium | — | 5.5 | — | In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of s… | |
| CVE-2019-11756 | medium | — | 5.5 | — | Moderate: nss and nspr security, bug fix, and enhancement update | |
| CVE-2019-17006 | medium | — | 5.5 | — | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the in… | |
| CVE-2019-6502 | medium | — | 5.5 | — | sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. | |
| CVE-2019-10179 | medium | — | 5.5 | — | Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update | |
| CVE-2019-13232 | medium | — | 5.5 | — | Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. | |
| CVE-2019-20790 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM fi… | |
| CVE-2019-19481 | medium | — | 5.5 | — | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. | |
| CVE-2019-15043 | medium | — | 5.5 | — | denial of service in grafana | |
| CVE-2019-10221 | medium | — | 5.5 | — | Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update | |
| CVE-2019-25597 | medium | 5.5 | 5.5 | 2mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | Moderate: lz4 security update | |
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | Moderate: oniguruma security update | |
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | Moderate: bzip2 security update | |
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… | |
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | Moderate: edk2 security, bug fix, and enhancement update | |
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | Moderate: usbguard security update | |
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | Incorrect parsing validation in net/url | |
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security and bug fix update | |
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | Panic on invalid DSA public keys in crypto/dsa | |
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | Cross-Site Request Forgery in Jenkins | |
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security, bug fix, and enhancement update | |
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | Insufficient Session Expiration in Jenkins | |
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | Moderate: aspell security update | |
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |
| CVE-2019-17594 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |
| CVE-2019-13751 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-13750 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-5827 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-19603 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-18218 | medium | — | 5.5 | 5y ago | Moderate: file security update | |
| CVE-2019-14615 | medium | — | 5.5 | 5y ago | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… | |
| CVE-2019-12973 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2019-15845 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-16201 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | Moderate: python27:2.7 security update | |
| CVE-2019-16168 | medium | — | 5.5 | 5y ago | Moderate: mingw packages security and bug fix update | |
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | Moderate: libvncserver security update | |
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |
| CVE-2019-13225 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-10082 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-0197 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10092 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-0196 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10097 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10081 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10098 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-18676 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18678 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12523 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12524 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12521 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18860 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12520 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12529 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12526 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18677 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12528 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12854 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18679 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-20446 | medium | — | 5.5 | 6y ago | Moderate: librsvg2 security update | |
| CVE-2019-3833 | medium | — | 5.5 | 6y ago | Moderate: openwsman security update | |
| CVE-2019-20485 | medium | — | 5.5 | 6y ago | Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update | |
| CVE-2019-6977 | medium | — | 5.5 | 6y ago | Moderate: gd security update | |
| CVE-2019-20907 | medium | — | 5.5 | 6y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |
| CVE-2019-17546 | medium | — | 5.5 | 6y ago | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, rela… | |
| CVE-2019-2126 | medium | — | 5.5 | 6y ago | Moderate: libvpx security update |