CVEs from 2019

3,413 normalized CVEs published or assigned in this year.

Total: 3,413
Critical: 232
High: 332
Medium: 301
Low: 72
% Critical: 6.8%
% with KEV: 3.5%
% with exploit: 3.5%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1
CVE Severity CVSS Risk Published Description Impact
CVE-2019-2685 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2532 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2738 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2950 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2481 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2482 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2834 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2539 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2830 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2826 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2814 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2802 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2801 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2630 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2757 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2780 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2784 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2811 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2797 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2795 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2803 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2584 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2808 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2812 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2631 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2948 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2755 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2531 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2607 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2535 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2691 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2534 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2681 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2503 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2634 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2624 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2592 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2606 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-3003 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2436 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2636 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2434 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2495 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2486 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2502 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2589 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2617 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2774 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2785 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2815 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2819 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2695 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2694 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2969 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2689 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-12384 high 8.0 7y ago Deserialization of Untrusted Data in FasterXML jackson-databind debianrockylinuxjava
CVE-2019-12781 high 8.0 7y ago An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set… archsusedebianpython
CVE-2019-9636 high 8.0 7y ago Important: python27:2.7 security update archsuserockylinuxdebian
CVE-2019-5736 high 8.0 7y ago Important: container-tools:rhel8 security and bug fix update archsuserockylinuxdebian
CVE-2019-10906 high 8.0 7y ago In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. susedebianrockylinuxpython
CVE-2019-8324 high 8.0 7y ago Important: ruby:2.5 security update susedebianrockylinuxruby
CVE-2019-13106 high 7.8 7.8 7y ago Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. susedebian
CVE-2019-13104 high 7.8 7.8 7y ago In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. susedebian
CVE-2019-13103 high 7.1 7.1 7y ago A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr… susedebian
CVE-2019-8720 medium 7.0 4y ago Moderate: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-25648 medium 6.2 6.2 2mo ago MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. A…
CVE-2019-11840 medium 5.9 5.9 7y ago An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/… debiangolang
CVE-2019-5719 medium 5.5 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data blo… archsusedebian
CVE-2019-7665 medium 5.5 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of s… archsusedebian
CVE-2019-15043 medium 5.5 denial of service in grafana archsuse
CVE-2019-17185 medium 5.5 Moderate: freeradius:3.0 security and bug fix update susedebianrockylinux
CVE-2019-19721 medium 5.5 An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted i… archdebian
CVE-2019-8397 medium 5.5 An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. archsusedebian
CVE-2019-8398 medium 5.5 An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. archsusedebian
CVE-2019-14889 medium 5.5 A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided… suserockylinuxdebian
CVE-2019-10723 medium 5.5 An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. archsusedebian
CVE-2019-20093 medium 5.5 The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtrac… archsusedebian
CVE-2019-5716 medium 5.5 In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. archsusedebian
CVE-2019-5717 medium 5.5 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. archsusedebian
CVE-2019-11756 medium 5.5 Moderate: nss and nspr security, bug fix, and enhancement update archdebianrockylinux
CVE-2019-25040 medium 5.5 Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound in… suserockylinuxdebian
CVE-2019-6291 medium 5.5 An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself … archdebian
CVE-2019-5482 medium 5.5 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. archsusedebian
CVE-2019-17023 medium 5.5 After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state,… archdebianrockylinux
CVE-2019-9687 medium 5.5 PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. archsusedebian
CVE-2019-14866 medium 5.5 Moderate: cpio security update susedebianrockylinux
CVE-2019-19481 medium 5.5 An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. archsusedebian
CVE-2019-25037 medium 5.5 Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulner… suserockylinuxdebian
CVE-2019-7149 medium 5.5 A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-servi… archdebian
CVE-2019-10218 medium 5.5 A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the cl… archsusedebian
CVE-2019-12210 medium 5.5 In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descr… archsusedebian
CVE-2019-7664 medium 5.5 In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial… archsusedebian
CVE-2019-25035 medium 5.5 Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation… suserockylinuxdebian
CVE-2019-25036 medium 5.5 Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound i… suserockylinuxdebian
CVE-2019-25039 medium 5.5 Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unboun… suserockylinuxdebian
CVE-2019-25041 medium 5.5 Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unboun… suserockylinuxdebian
CVE-2019-15945 medium 5.5 OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. archsusedebian
CVE-2019-25032 medium 5.5 Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Un… suserockylinuxdebian
CVE-2019-8341 medium 5.5 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then ret… archsusedebian
CVE-2019-10146 medium 5.5 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinux