CVEs from 2019
- Total 4,187
- critical 232
- high 332
- medium 301
- low 72
- % Critical 5.5%
- % with KEV 2.8%
- % with exploit 2.9%

Top products
- u-boot 20
- nsauditor 1
- crypto 1

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-3881 | medium | — | 5.5 | 8y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-18345 | unknown | — | — | — | A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked… | |
| CVE-2019-15237 | unknown | — | — | — | Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. | |
| CVE-2019-10740 | unknown | — | — | — | In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidde… | |
| CVE-2019-18900 | unknown | — | — | — | Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store use… | |
| CVE-2019-1010043 | unknown | — | — | — | Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation. | |
| CVE-2019-1010006 | unknown | — | — | — | Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. … | |
| CVE-2019-3467 | unknown | — | — | — | Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed p… | |
| CVE-2019-18347 | unknown | — | — | — | A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in… | |
| CVE-2019-18346 | unknown | — | — | — | A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the applicati… | |
| CVE-2019-17352 | unknown | — | — | 4y ago | JFinal file validation vulnerability | |
| CVE-2019-16558 | unknown | — | — | 4y ago | Improper Certificate Validation in Jenkins Spira Importer Plugin | |
| CVE-2019-16555 | unknown | — | — | 4y ago | Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin | |
| CVE-2019-16540 | unknown | — | — | 4y ago | Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files | |
| CVE-2019-15563 | unknown | — | — | 4y ago | OHDSI WebAPI vulnerable to SQL Injection | |
| CVE-2019-11405 | unknown | — | — | 4y ago | OpenAPI Tools OpenAPI Generator uses HTTP in various files | |
| CVE-2019-1003009 | unknown | — | — | 4y ago | Jenkins Active Directory Plugin Improper certificate validation with StartTLS | |
| CVE-2019-1003020 | unknown | — | — | 4y ago | Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF) | |
| CVE-2019-1003073 | unknown | — | — | 4y ago | Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text | |
| CVE-2019-1003025 | unknown | — | — | 4y ago | Jenkins Cloud Foundry Plugin vulnerable to exposure of sensitive information | |
| CVE-2019-25050 | unknown | — | — | 5y ago | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and… | |
| CVE-2019-10083 | unknown | — | — | 7y ago | Apache NiFi process group information disclosure | |
| CVE-2019-13235 | unknown | — | — | 7y ago | XSS in login form | |
| CVE-2019-17359 | unknown | — | — | 7y ago | Out-of-Memory Error in Bouncy Castle Crypto | |
| CVE-2019-17545 | unknown | — | — | 7y ago | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | |
| CVE-2019-0201 | unknown | — | — | 7y ago | Access control bypass in Apache ZooKeeper | |