CVEs from 2019
Total
3,419
critical
critical 232
high
high 336
medium
medium 309
low
low 71
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%
Top products
- u-boot 20
- active_iq_unified_manager 7
- jdk 5
- weblogic_server 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
- libxslt 4
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-16378 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel… | |
| CVE-2019-10218 | medium | — | 5.5 | — | A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the cl… | |
| CVE-2019-14847 | medium | — | 5.5 | — | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not po… | |
| CVE-2019-9199 | medium | — | 5.5 | — | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose bi… | |
| CVE-2019-18281 | medium | — | 5.5 | — | An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an a… | |
| CVE-2019-10723 | medium | — | 5.5 | — | An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. | |
| CVE-2019-10146 | medium | — | 5.5 | — | Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update | |
| CVE-2019-11494 | medium | — | 5.5 | — | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | |
| CVE-2019-7149 | medium | — | 5.5 | — | A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-servi… | |
| CVE-2019-3832 | medium | — | 5.5 | — | It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this… | |
| CVE-2019-8397 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |
| CVE-2019-8398 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. | |
| CVE-2019-20790 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM fi… | |
| CVE-2019-17185 | medium | — | 5.5 | — | Moderate: freeradius:3.0 security and bug fix update | |
| CVE-2019-3842 | medium | — | 5.5 | — | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular config… | |
| CVE-2019-6290 | medium | — | 5.5 | — | An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, be… | |
| CVE-2019-15892 | medium | — | 5.5 | — | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests… | |
| CVE-2019-19918 | medium | — | 5.5 | — | arbitrary code execution in lout | |
| CVE-2019-6291 | medium | — | 5.5 | — | An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself … | |
| CVE-2019-13615 | medium | — | 5.5 | — | libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | |
| CVE-2019-17567 | medium | — | 5.5 | — | multiple issues in apache | |
| CVE-2019-16927 | medium | — | 5.5 | — | Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | |
| CVE-2019-15718 | medium | — | 5.5 | — | access restriction bypass in systemd | |
| CVE-2019-12420 | medium | — | 5.5 | — | In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publ… | |
| CVE-2019-7663 | medium | — | 5.5 | — | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote… | |
| CVE-2019-7150 | medium | — | 5.5 | — | An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn dat… | |
| CVE-2019-19479 | medium | — | 5.5 | — | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. | |
| CVE-2019-6128 | medium | — | 5.5 | — | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | |
| CVE-2019-25038 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Un… | |
| CVE-2019-17498 | medium | — | 5.5 | — | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a s… | |
| CVE-2019-25597 | medium | 5.5 | 5.5 | 2mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | Moderate: lz4 security update | |
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | Moderate: oniguruma security update | |
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | Moderate: bzip2 security update | |
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation o… | |
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | Moderate: edk2 security, bug fix, and enhancement update | |
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | Moderate: usbguard security update | |
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | Incorrect parsing validation in net/url | |
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security and bug fix update | |
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | Panic on invalid DSA public keys in crypto/dsa | |
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | Cross-Site Request Forgery in Jenkins | |
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security, bug fix, and enhancement update | |
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | Insufficient Session Expiration in Jenkins | |
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | Moderate: aspell security update | |
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |
| CVE-2019-17594 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |
| CVE-2019-19603 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-13750 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-13751 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-5827 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |
| CVE-2019-18218 | medium | — | 5.5 | 5y ago | Moderate: file security update | |
| CVE-2019-14615 | medium | — | 5.5 | 5y ago | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… | |
| CVE-2019-12973 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |
| CVE-2019-15845 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |
| CVE-2019-16201 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | Moderate: python27:2.7 security update | |
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | Moderate: libvncserver security update | |
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |
| CVE-2019-13225 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |
| CVE-2019-10097 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10082 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10098 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10092 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-0196 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-0197 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-10081 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |
| CVE-2019-12854 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18860 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12526 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18679 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12520 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18677 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12521 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12524 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12523 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12528 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-12529 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18678 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-18676 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |
| CVE-2019-20446 | medium | — | 5.5 | 6y ago | Moderate: librsvg2 security update | |
| CVE-2019-3833 | medium | — | 5.5 | 6y ago | Moderate: openwsman security update | |
| CVE-2019-20485 | medium | — | 5.5 | 6y ago | Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update |