CVEs from 2019
- Total 3,246
- critical 232
- high 336
- medium 309
- low 71
- % Critical 7.1%
- % with KEV 3.6%
- % with exploit 4.4%
Top products
- u-boot 20
- active_iq_unified_manager 7
- jdk 5
- weblogic_server 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
- libxslt 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25041 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unboun… | |||
| CVE-2019-25039 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unboun… | |||
| CVE-2019-25036 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound i… | |||
| CVE-2019-3459 | medium | — | 5.5 | — | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | |||
| CVE-2019-3460 | medium | — | 5.5 | — | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | |||
| CVE-2019-25035 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation… | |||
| CVE-2019-16680 | medium | — | 5.5 | — | Moderate: file-roller security update | |||
| CVE-2019-7149 | medium | — | 5.5 | — | A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-servi… | |||
| CVE-2019-13627 | medium | — | 5.5 | — | Moderate: libgcrypt security, bug fix, and enhancement update | |||
| CVE-2019-7148 | medium | — | 5.5 | — | An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denia… | |||
| CVE-2019-7150 | medium | — | 5.5 | — | An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn dat… | |||
| CVE-2019-19918 | medium | — | 5.5 | — | arbitrary code execution in lout | |||
| CVE-2019-5481 | medium | — | 5.5 | — | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||
| CVE-2019-12420 | medium | — | 5.5 | — | In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publ… | |||
| CVE-2019-19480 | medium | — | 5.5 | — | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. | |||
| CVE-2019-25040 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound in… | |||
| CVE-2019-14889 | medium | — | 5.5 | — | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided… | |||
| CVE-2019-5719 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data blo… | |||
| CVE-2019-5717 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. | |||
| CVE-2019-19481 | medium | — | 5.5 | — | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. | |||
| CVE-2019-11733 | medium | — | 5.5 | — | When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the… | |||
| CVE-2019-20807 | medium | — | 5.5 | — | In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | |||
| CVE-2019-11494 | medium | — | 5.5 | — | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | |||
| CVE-2019-16378 | medium | — | 5.5 | — | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel… | |||
| CVE-2019-16927 | medium | — | 5.5 | — | Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | |||
| CVE-2019-8397 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |||
| CVE-2019-8398 | medium | — | 5.5 | — | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. | |||
| CVE-2019-25037 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulner… | |||
| CVE-2019-25032 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Un… | |||
| CVE-2019-20093 | medium | — | 5.5 | — | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtrac… | |||
| CVE-2019-5716 | medium | — | 5.5 | — | In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | |||
| CVE-2019-9687 | medium | — | 5.5 | — | PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. | |||
| CVE-2019-15946 | medium | — | 5.5 | — | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. | |||
| CVE-2019-25034 | medium | — | 5.5 | — | Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be… | |||
| CVE-2019-25597 | medium | 5.5 | 5.5 | 2mo ago | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers … | |||
| CVE-2019-17543 | medium | — | 5.5 | 11mo ago | Moderate: lz4 security update | |||
| CVE-2019-19012 | medium | — | 5.5 | 1y ago | Moderate: oniguruma security update | |||
| CVE-2019-12900 | medium | — | 5.5 | 1y ago | Moderate: bzip2 security update | |||
| CVE-2019-25162 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device… | |||
| CVE-2019-13631 | medium | — | 5.5 | 2y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2019-15505 | medium | — | 5.5 | 2y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2019-13224 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2019-19204 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2019-19203 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2019-16163 | medium | — | 5.5 | 2y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2019-19499 | medium | — | 5.5 | 2y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2019-19921 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2019-14560 | medium | — | 5.5 | 3y ago | Moderate: edk2 security, bug fix, and enhancement update | |||
| CVE-2019-25058 | medium | — | 5.5 | 3y ago | Moderate: usbguard security update | |||
| CVE-2019-14809 | medium | — | 5.5 | 4y ago | Incorrect parsing validation in net/url | |||
| CVE-2019-6446 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security and bug fix update | |||
| CVE-2019-17596 | medium | — | 5.5 | 4y ago | Panic on invalid DSA public keys in crypto/dsa | |||
| CVE-2019-10384 | medium | — | 5.5 | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2019-10383 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-6486 | medium | — | 5.5 | 4y ago | Denial of service affecting P-521 and P-384 curves in crypto/elliptic | |||
| CVE-2019-11236 | medium | — | 5.5 | 4y ago | Moderate: python27:2.7 security, bug fix, and enhancement update | |||
| CVE-2019-1003050 | medium | — | 5.5 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2019-1003049 | medium | — | 5.5 | 4y ago | Insufficient Session Expiration in Jenkins | |||
| CVE-2019-25051 | medium | — | 5.5 | 4y ago | Moderate: aspell security update | |||
| CVE-2019-19004 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |||
| CVE-2019-19005 | medium | — | 5.5 | 5y ago | Moderate: autotrace security update | |||
| CVE-2019-17595 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |||
| CVE-2019-17594 | medium | — | 5.5 | 5y ago | Moderate: ncurses security update | |||
| CVE-2019-5827 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |||
| CVE-2019-13751 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |||
| CVE-2019-13750 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |||
| CVE-2019-19603 | medium | — | 5.5 | 5y ago | Moderate: sqlite security update | |||
| CVE-2019-18218 | medium | — | 5.5 | 5y ago | Moderate: file security update | |||
| CVE-2019-14615 | medium | — | 5.5 | 5y ago | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l… | |||
| CVE-2019-12973 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |||
| CVE-2019-15845 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |||
| CVE-2019-16255 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |||
| CVE-2019-16254 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |||
| CVE-2019-16201 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security, bug fix, and enhancement update | |||
| CVE-2019-20916 | medium | — | 5.5 | 5y ago | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwr… | |||
| CVE-2019-20839 | medium | — | 5.5 | 5y ago | Moderate: libvncserver security update | |||
| CVE-2019-13012 | medium | — | 5.5 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2019-9169 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |||
| CVE-2019-25013 | medium | — | 5.5 | 5y ago | Moderate: glibc security, bug fix, and enhancement update | |||
| CVE-2019-20477 | medium | — | 5.5 | 5y ago | Moderate: python38:3.8 security, bug fix, and enhancement update | |||
| CVE-2019-13225 | medium | — | 5.5 | 6y ago | Moderate: php:7.3 security, bug fix, and enhancement update | |||
| CVE-2019-10098 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2019-10081 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2019-10092 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2019-10097 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2019-0197 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2019-0196 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2019-10082 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2019-12521 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-18679 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-12528 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-12523 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-12529 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-18860 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-18678 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-12854 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-18677 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-18676 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-12520 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update | |||
| CVE-2019-12524 | medium | — | 5.5 | 6y ago | Moderate: squid:4 security, bug fix, and enhancement update |