CVEs from 2019
Total
3,419
critical
critical 232
high
high 336
medium
medium 309
low
low 71
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%
Top products
- u-boot 20
- active_iq_unified_manager 7
- jdk 5
- weblogic_server 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
- libxslt 4
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-8331 | medium | — | 5.5 | 7y ago | Bootstrap Vulnerable to Cross-Site Scripting | |
| CVE-2019-6975 | medium | — | 5.5 | 7y ago | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() func… | |
| CVE-2019-3498 | medium | — | 5.5 | 8y ago | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defa… | |
| CVE-2019-3881 | medium | — | 5.5 | 8y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-13118 | medium | 5.3 | 5.3 | 4y ago | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … | |
| CVE-2019-13117 | medium | 5.3 | 5.3 | 7y ago | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… | |
| CVE-2019-7317 | medium | 5.3 | 5.3 | 7y ago | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |
| CVE-2019-16230 | medium | 4.7 | 4.7 | 7y ago | drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer stat… | |
| CVE-2019-15213 | medium | 4.6 | 4.6 | 7y ago | An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. | |
| CVE-2019-8506 | low | — | 4.0 | 4y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-1543 | low | — | 2.5 | — | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a vari… | |
| CVE-2019-7653 | low | — | 2.5 | — | The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in th… | |
| CVE-2019-7310 | low | — | 2.5 | — | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash… | |
| CVE-2019-16167 | low | — | 2.5 | — | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | |
| CVE-2019-5882 | low | — | 2.5 | — | Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. | |
| CVE-2019-20838 | low | — | 2.5 | 5y ago | Low: pcre security update | |
| CVE-2019-2215 | unknown | — | 2.5 | 5y ago | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require… | |
| CVE-2019-17402 | low | — | 2.5 | 5y ago | Low: exiv2 security, bug fix, and enhancement update | |
| CVE-2019-2708 | low | — | 2.5 | 5y ago | Low: libdb security update | |
| CVE-2019-14494 | low | — | 2.5 | 6y ago | Low: poppler security update | |
| CVE-2019-15165 | low | — | 2.5 | 6y ago | Low: libpcap security, bug fix, and enhancement update | |
| CVE-2019-1010305 | low | — | 2.5 | 6y ago | Low: libmspack security and bug fix update | |
| CVE-2019-13045 | low | — | 2.5 | 6y ago | Low: irssi security update | |
| CVE-2019-1010317 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-1010319 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-1010315 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-11498 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-19118 | low | — | 2.5 | 7y ago | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… | |
| CVE-2019-8595 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8584 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8609 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-11070 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8536 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8686 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8735 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8672 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8586 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8677 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8558 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-11459 | low | — | 2.5 | 7y ago | The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to u… | |
| CVE-2019-8623 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8608 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8610 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8615 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8619 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8622 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8679 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8551 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8601 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8726 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8559 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8563 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8587 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-12795 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8607 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-6237 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8596 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-3820 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8535 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-6251 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8611 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8544 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8518 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8523 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8687 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8676 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8666 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8583 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8768 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8690 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8689 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8671 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8571 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8681 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8597 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8594 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8673 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8524 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-12155 | low | — | 2.5 | 7y ago | Low: virt:rhel security, bug fix, and enhancement update | |
| CVE-2019-9824 | low | — | 2.5 | 7y ago | Low: virt:rhel security, bug fix, and enhancement update | |
| CVE-2019-9755 | low | — | 2.5 | 7y ago | Low: virt:rhel security, bug fix, and enhancement update | |
| CVE-2019-1003030 | unknown | — | 1.5 | 4y ago | Sandbox bypass in Jenkins Pipeline: Groovy Plugin | |
| CVE-2019-1003029 | unknown | — | 1.5 | 4y ago | Sandbox bypass in Script Security Plugin | |
| CVE-2019-13272 | unknown | — | 1.5 | 5y ago | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obta… | |
| CVE-2019-17558 | unknown | — | 1.5 | 6y ago | Improper Input Validation in Apache Solr | |
| CVE-2019-0193 | unknown | — | 1.5 | 7y ago | XML External Entity (XXE) Injection in Apache Solr | |
| CVE-2019-1999 | unknown | — | 1.0 | — | In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privi… | |
| CVE-2019-2025 | unknown | — | 1.0 | — | In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges n… | |
| CVE-2019-18810 | unknown | — | — | — | A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (mem… | |
| CVE-2019-1010006 | unknown | — | — | — | Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. … | |
| CVE-2019-10740 | unknown | — | — | — | In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidde… | |
| CVE-2019-15237 | unknown | — | — | — | Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. | |
| CVE-2019-12046 | unknown | — | — | — | LemonLDAP::NG -2.0.3 has Incorrect Access Control. | |
| CVE-2019-13031 | unknown | — | — | — | LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" r… | |
| CVE-2019-15941 | unknown | — | — | — | OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an… | |
| CVE-2019-0145 | unknown | — | — | — | Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |
| CVE-2019-0146 | unknown | — | — | — | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | |
| CVE-2019-0136 | unknown | — | — | — | Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |
| CVE-2019-0147 | unknown | — | — | — | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local acces… | |
| CVE-2019-0154 | unknown | — | — | — | Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold… |