CVEs from 2019
Total
3,286
critical
critical 204
high
high 479
medium
medium 471
low
low 94
% Critical
6.2%
% with KEV
3.6%
% with exploit
7.7%
Top products
- u-boot 20
- active_iq_unified_manager 7
- jdk 5
- weblogic_server 5
- oncommand_workflow_automation 5
- oncommand_insight 4
- codeready_linux_builder_eus 4
- libxslt 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-2774 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2624 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2687 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2695 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2757 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2631 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2634 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2738 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-10216 | high | — | 8.0 | 7y ago | RHSA-2019:2465: ghostscript security update (Important) | |||
| CVE-2019-10193 | high | — | 8.0 | 7y ago | RHSA-2019:2002: redis:5 security update (Important) | |||
| CVE-2019-10192 | high | — | 8.0 | 7y ago | RHSA-2019:2002: redis:5 security update (Important) | |||
| CVE-2019-10181 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-10185 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-10182 | high | — | 8.0 | 7y ago | RHSA-2019:2004: icedtea-web security update (Important) | |||
| CVE-2019-11085 | high | — | 8.0 | 7y ago | RHSA-2019:1971: kernel-rt security and bug fix update (Important) | |||
| CVE-2019-11811 | high | — | 8.0 | 7y ago | RHSA-2019:1971: kernel-rt security and bug fix update (Important) | |||
| CVE-2019-11810 | high | — | 8.0 | 7y ago | RHSA-2019:1971: kernel-rt security and bug fix update (Important) | |||
| CVE-2019-2786 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2816 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2762 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2769 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-11356 | high | — | 8.0 | 7y ago | RHSA-2019:1771: cyrus-imapd security update (Important) | |||
| CVE-2019-11711 | high | — | 8.0 | 7y ago | RHSA-2019:1799: thunderbird security and bug fix update (Important) | |||
| CVE-2019-11712 | high | — | 8.0 | 7y ago | RHSA-2019:1799: thunderbird security and bug fix update (Important) | |||
| CVE-2019-11730 | high | — | 8.0 | 7y ago | RHSA-2019:1799: thunderbird security and bug fix update (Important) | |||
| CVE-2019-11717 | high | — | 8.0 | 7y ago | RHSA-2019:1799: thunderbird security and bug fix update (Important) | |||
| CVE-2019-11709 | high | — | 8.0 | 7y ago | RHSA-2019:1799: thunderbird security and bug fix update (Important) | |||
| CVE-2019-9811 | high | — | 8.0 | 7y ago | RHSA-2019:1799: thunderbird security and bug fix update (Important) | |||
| CVE-2019-11713 | high | — | 8.0 | 7y ago | RHSA-2019:1799: thunderbird security and bug fix update (Important) | |||
| CVE-2019-11715 | high | — | 8.0 | 7y ago | RHSA-2019:1799: thunderbird security and bug fix update (Important) | |||
| CVE-2019-6471 | high | — | 8.0 | 7y ago | RHSA-2019:1714: bind security update (Important) | |||
| CVE-2019-12384 | high | — | 8.0 | 7y ago | RHSA-2019:2720: pki-deps:10.6 security update (Important) | |||
| CVE-2019-12781 | high | — | 8.0 | 7y ago | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set… | |||
| CVE-2019-10161 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10168 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10167 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-10166 | high | — | 8.0 | 7y ago | RHSA-2019:1580: virt:rhel security update (Important) | |||
| CVE-2019-11477 | high | — | 8.0 | 7y ago | RHSA-2019:1480: kernel-rt security and bug fix update (Important) | |||
| CVE-2019-11478 | high | — | 8.0 | 7y ago | RHSA-2019:1480: kernel-rt security and bug fix update (Important) | |||
| CVE-2019-11479 | high | — | 8.0 | 7y ago | RHSA-2019:1480: kernel-rt security and bug fix update (Important) | |||
| CVE-2019-3885 | high | — | 8.0 | 7y ago | RHSA-2019:1279: pacemaker security and bug fix update (Important) | |||
| CVE-2019-10132 | high | — | 8.0 | 7y ago | RHSA-2019:1268: virt:rhel security update (Important) | |||
| CVE-2019-9820 | high | — | 8.0 | 7y ago | RHSA-2019:1308: thunderbird security update (Important) | |||
| CVE-2019-9797 | high | — | 8.0 | 7y ago | RHSA-2019:1308: thunderbird security update (Important) | |||
| CVE-2019-0757 | high | — | 8.0 | 7y ago | RHSA-2019:1259: dotnet security, bug fix, and enhancement update (Important) | |||
| CVE-2019-3856 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-3857 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-3855 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-3863 | high | — | 8.0 | 7y ago | RHSA-2019:1175: virt:rhel security update (Important) | |||
| CVE-2019-9003 | high | — | 8.0 | 7y ago | RHSA-2019:1167: kernel security and bug fix update (Important) | |||
| CVE-2019-11234 | high | — | 8.0 | 7y ago | RHSA-2019:1142: freeradius:3.0 security update (Important) | |||
| CVE-2019-10063 | high | — | 8.0 | 7y ago | RHSA-2019:1143: flatpak security update (Important) | |||
| CVE-2019-11235 | high | — | 8.0 | 7y ago | RHSA-2019:1142: freeradius:3.0 security update (Important) | |||
| CVE-2019-9636 | high | — | 8.0 | 7y ago | RHSA-2019:0997: python3 security update (Important) | |||
| CVE-2019-3878 | high | — | 8.0 | 7y ago | RHSA-2019:0985: mod_auth_mellon security update (Important) | |||
| CVE-2019-9796 | high | — | 8.0 | 7y ago | RHSA-2019:1144: thunderbird security update (Important) | |||
| CVE-2019-5953 | high | — | 8.0 | 7y ago | RHSA-2019:0983: wget security update (Important) | |||
| CVE-2019-9793 | high | — | 8.0 | 7y ago | RHSA-2019:1144: thunderbird security update (Important) | |||
| CVE-2019-9795 | high | — | 8.0 | 7y ago | RHSA-2019:1144: thunderbird security update (Important) | |||
| CVE-2019-9790 | high | — | 8.0 | 7y ago | RHSA-2019:1144: thunderbird security update (Important) | |||
| CVE-2019-9788 | high | — | 8.0 | 7y ago | RHSA-2019:1144: thunderbird security update (Important) | |||
| CVE-2019-0215 | high | — | 8.0 | 7y ago | RHSA-2019:0980: httpd:2.4 security update (Important) | |||
| CVE-2019-3816 | high | — | 8.0 | 7y ago | RHSA-2019:0972: openwsman security update (Important) | |||
| CVE-2019-3839 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3838 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-3835 | high | — | 8.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-10906 | high | — | 8.0 | 7y ago | RHSA-2019:1152: python-jinja2 security update (Important) | |||
| CVE-2019-8324 | high | — | 8.0 | 7y ago | RHSA-2019:1972: ruby:2.5 security update (Important) | |||
| CVE-2019-19378 | high | 7.8 | 7.8 | 7y ago | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. | |||
| CVE-2019-13106 | high | 7.8 | 7.8 | 7y ago | Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | |||
| CVE-2019-13104 | high | 7.8 | 7.8 | 7y ago | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | |||
| CVE-2019-18197 | high | 7.5 | 7.5 | 4y ago | RHSA-2020:4464: libxslt security update (Moderate) | |||
| CVE-2019-6857 | high | 7.5 | 7.5 | 7y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) … | |||
| CVE-2019-6856 | high | 7.5 | 7.5 | 7y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) … | |||
| CVE-2019-6852 | high | 7.5 | 7.5 | 7y ago | A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication mo… | |||
| CVE-2019-6829 | high | 7.5 | 7.5 | 7y ago | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service… | |||
| CVE-2019-6819 | high | 7.5 | 7.5 | 7y ago | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the produ… | |||
| CVE-2019-10953 | high | 7.5 | 7.5 | 7y ago | ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due … | |||
| CVE-2019-13103 | high | 7.1 | 7.1 | 7y ago | A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr… | |||
| CVE-2019-8720 | medium | — | 7.0 | 4y ago | RHSA-2020:4451: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6109 | medium | 6.8 | 6.8 | 7y ago | RHSA-2019:3702: openssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-8341 | medium | — | 6.5 | — | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then ret… | |||
| CVE-2019-15794 | medium | — | 6.5 | 5y ago | RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-16168 | medium | 6.5 | 6.5 | 5y ago | RHSA-2021:1968: mingw packages security and bug fix update (Moderate) | |||
| CVE-2019-3842 | medium | — | 6.5 | 5y ago | RHSA-2021:1611: systemd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10092 | medium | — | 6.5 | 6y ago | RHSA-2020:4751: httpd:2.4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-10098 | medium | — | 6.5 | 6y ago | RHSA-2020:4751: httpd:2.4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6977 | medium | — | 6.5 | 6y ago | RHSA-2020:4659: gd security update (Moderate) | |||
| CVE-2019-8820 | medium | — | 6.5 | 6y ago | RHSA-2020:4451: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-3843 | medium | — | 6.5 | 6y ago | RHSA-2020:1794: systemd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-9851 | medium | — | 6.5 | 6y ago | RHSA-2020:1598: libreoffice security and bug fix update (Moderate) | |||
| CVE-2019-3844 | medium | — | 6.5 | 6y ago | RHSA-2020:1794: systemd security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-11135 | medium | 6.5 | 6.5 | 6y ago | RHSA-2020:0339: kernel security and bug fix update (Important) | |||
| CVE-2019-8649 | medium | — | 6.5 | 7y ago | RHEA-2019:4262: webkit2gtk3 enhancement update (Moderate) | |||
| CVE-2019-8765 | medium | — | 6.5 | 7y ago | RHEA-2019:4262: webkit2gtk3 enhancement update (Moderate) | |||
| CVE-2019-6706 | medium | — | 6.5 | 7y ago | RHSA-2019:3706: lua security and bug fix update (Moderate) | |||
| CVE-2019-6111 | medium | — | 6.5 | 7y ago | RHSA-2019:3702: openssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2019-6129 | medium | 6.5 | 6.5 | 8y ago | png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer. | |||
| CVE-2019-25648 | medium | 6.2 | 6.2 | 2mo ago | MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. A… | |||
| CVE-2019-11840 | medium | 5.9 | 5.9 | 7y ago | An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/… |