VIR Vulnerability Intelligence Relay

CVEs from 2019

4,015 normalized CVEs published or assigned in this year.

Total
4,015
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
5.8%
% with KEV
2.9%
% with exploit
3.0%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-17567 medium 5.5 multiple issues in apache debianarchsuse
CVE-2019-12209 medium 5.5 Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks syml… archsusedebian
CVE-2019-25032 medium 5.5 Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Un… suserockylinuxdebian
CVE-2019-10209 medium 5.5 multiple issues in postgresql-libs, postgresql arch
CVE-2019-12210 medium 5.5 In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descr… archsusedebian
CVE-2019-10691 medium 5.5 The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. archsusedebian
CVE-2019-11499 medium 5.5 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. archdebian
CVE-2019-13627 medium 5.5 Moderate: libgcrypt security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-25041 medium 5.5 Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unboun… suserockylinuxdebian
CVE-2019-7150 medium 5.5 An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn dat… archsusedebian
CVE-2019-25039 medium 5.5 Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unboun… suserockylinuxdebian
CVE-2019-19480 medium 5.5 An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. archdebian
CVE-2019-6290 medium 5.5 An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, be… archdebian
CVE-2019-6291 medium 5.5 An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself … archdebian
CVE-2019-25036 medium 5.5 Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound i… suserockylinuxdebian
CVE-2019-20388 medium 5.5 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. archsusedebian
CVE-2019-13232 medium 5.5 Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. archsusedebian
CVE-2019-5482 medium 5.5 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. archsusedebian
CVE-2019-17185 medium 5.5 Moderate: freeradius:3.0 security and bug fix update susedebianrockylinux
CVE-2019-20807 medium 5.5 In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). suserockylinuxdebian
CVE-2019-11733 medium 5.5 When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the… archsusedebian
CVE-2019-19721 medium 5.5 An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted i… archdebian
CVE-2019-8397 medium 5.5 An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. archsusedebian
CVE-2019-8398 medium 5.5 An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. archsusedebian
CVE-2019-3459 medium 5.5 A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. archsusedebian
CVE-2019-25597 medium 5.5 5.5 2mo ago NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers …
CVE-2019-17543 medium 5.5 11mo ago Moderate: lz4 security update rockylinuxsusedebian
CVE-2019-19012 medium 5.5 1y ago Moderate: oniguruma security update rockylinuxdebian
CVE-2019-12900 medium 5.5 1y ago Moderate: bzip2 security update redhatdebianrockylinuxsuse
CVE-2019-25162 medium 5.5 2y ago Moderate: kernel-rt security and bug fix update redhatrockylinuxsusedebian
CVE-2019-13631 medium 5.5 2y ago Moderate: kernel-rt security and bug fix update suserockylinuxdebian
CVE-2019-15505 medium 5.5 2y ago Moderate: kernel-rt security and bug fix update rockylinuxsusedebian
CVE-2019-19204 medium 5.5 2y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-19203 medium 5.5 2y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-16163 medium 5.5 2y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-13224 medium 5.5 2y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-19499 medium 5.5 2y ago Moderate: grafana security, bug fix, and enhancement update susegolang
CVE-2019-14560 medium 5.5 3y ago Moderate: edk2 security, bug fix, and enhancement update archredhatsuse
CVE-2019-19921 medium 5.5 3y ago Moderate: container-tools:rhel8 security, bug fix, and enhancement update rockylinuxredhatdebiangolang
CVE-2019-25058 medium 5.5 3y ago An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. redhatsuserockylinuxdebian
CVE-2019-14809 medium 5.5 4y ago Incorrect parsing validation in net/url archgolang
CVE-2019-6446 medium 5.5 4y ago Moderate: python27:2.7 security and bug fix update suserockylinuxpython
CVE-2019-17596 medium 5.5 4y ago Panic on invalid DSA public keys in crypto/dsa archsusegolang
CVE-2019-10383 medium 5.5 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins archjava
CVE-2019-10384 medium 5.5 4y ago Cross-Site Request Forgery in Jenkins archjava
CVE-2019-6486 medium 5.5 4y ago Denial of service affecting P-521 and P-384 curves in crypto/elliptic archsusegolang
CVE-2019-11236 medium 5.5 4y ago Moderate: python27:2.7 security, bug fix, and enhancement update rockylinuxdebianpython
CVE-2019-1003049 medium 5.5 4y ago Insufficient Session Expiration in Jenkins archjava
CVE-2019-1003050 medium 5.5 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins archjava
CVE-2019-25051 medium 5.5 4y ago Moderate: aspell security update debianarchsuserockylinux
CVE-2019-19004 medium 5.5 5y ago Moderate: autotrace security update
CVE-2019-19005 medium 5.5 5y ago Moderate: autotrace security update
CVE-2019-17594 medium 5.5 5y ago Moderate: ncurses security update suserockylinuxdebian
CVE-2019-17595 medium 5.5 5y ago Moderate: ncurses security update suserockylinuxdebian
CVE-2019-13750 medium 5.5 5y ago Moderate: sqlite security update archdebianrockylinux
CVE-2019-19603 medium 5.5 5y ago Moderate: sqlite security update suserockylinuxdebian
CVE-2019-5827 medium 5.5 5y ago Moderate: sqlite security update debianrockylinux
CVE-2019-13751 medium 5.5 5y ago Moderate: sqlite security update archdebianrockylinux
CVE-2019-18218 medium 5.5 5y ago Moderate: file security update archsusedebianrockylinux
CVE-2019-14615 medium 5.5 5y ago Moderate: kernel security, bug fix, and enhancement update susedebian
CVE-2019-12973 medium 5.5 5y ago Moderate: openjpeg2 security update archsuserockylinuxdebian
CVE-2019-15845 medium 5.5 5y ago Moderate: ruby:2.5 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-16201 medium 5.5 5y ago Moderate: ruby:2.6 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-16254 medium 5.5 5y ago Moderate: ruby:2.6 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-16255 medium 5.5 5y ago Moderate: ruby:2.6 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-20916 medium 5.5 5y ago Moderate: python27:2.7 security update suserockylinuxdebianpython
CVE-2019-16168 medium 5.5 5y ago Moderate: mingw packages security and bug fix update rockylinuxsusedebian
CVE-2019-20839 medium 5.5 5y ago Moderate: libvncserver security update suserockylinuxdebian
CVE-2019-13012 medium 5.5 5y ago Moderate: GNOME security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-9169 medium 5.5 5y ago Moderate: glibc security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-25013 medium 5.5 5y ago Moderate: glibc security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-20477 medium 5.5 5y ago Moderate: python38:3.8 security, bug fix, and enhancement update rockylinuxdebianpython
CVE-2019-13225 medium 5.5 6y ago Moderate: php:7.3 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-10081 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-10097 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-10098 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-0197 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchrockylinux
CVE-2019-10082 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-10092 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debiansuserockylinux
CVE-2019-0196 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchsuserockylinux
CVE-2019-18676 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-18677 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12854 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12521 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-12523 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12528 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-18679 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-12526 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-12529 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12520 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-18678 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update archsuserockylinuxdebian
CVE-2019-18860 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12524 medium 5.5 6y ago Moderate: squid:4 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-20446 medium 5.5 6y ago Moderate: librsvg2 security update suserockylinuxdebian
CVE-2019-3833 medium 5.5 6y ago Moderate: openwsman security update suserockylinux
CVE-2019-20485 medium 5.5 6y ago Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-6977 medium 5.5 6y ago Moderate: gd security update archsusedebianrockylinux
CVE-2019-20907 medium 5.5 6y ago Moderate: python38:3.8 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-17546 medium 5.5 6y ago tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, rela… susedebianrockylinux
CVE-2019-9232 medium 5.5 6y ago Moderate: libvpx security update suserockylinuxdebian