VIR Vulnerability Intelligence Relay

CVEs from 2019

3,413 normalized CVEs published or assigned in this year.

Total
3,413
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-2687 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2455 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2689 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2531 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2950 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2830 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2826 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2808 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2814 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2802 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2801 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2796 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2534 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2798 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2803 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2481 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2482 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2539 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2530 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2593 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2535 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2533 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2607 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2685 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2795 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2797 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2636 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2686 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2596 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-3003 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2800 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2434 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2969 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2815 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2528 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2819 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2785 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2580 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2755 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2631 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2694 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2695 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2681 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2624 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2774 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2617 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2589 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2502 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2486 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2495 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2592 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2948 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2606 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2634 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2691 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-12384 high 8.0 7y ago Deserialization of Untrusted Data in FasterXML jackson-databind debianrockylinuxjava
CVE-2019-12781 high 8.0 7y ago An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set… archsusedebianpython
CVE-2019-9636 high 8.0 7y ago Important: python27:2.7 security update archsuserockylinuxdebian
CVE-2019-5736 high 8.0 7y ago Important: container-tools:rhel8 security and bug fix update archsuserockylinuxdebian
CVE-2019-10906 high 8.0 7y ago In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. susedebianrockylinuxpython
CVE-2019-8324 high 8.0 7y ago Important: ruby:2.5 security update susedebianrockylinuxruby
CVE-2019-13106 high 7.8 7.8 7y ago Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. susedebian
CVE-2019-13104 high 7.8 7.8 7y ago In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. susedebian
CVE-2019-13103 high 7.1 7.1 7y ago A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr… susedebian
CVE-2019-8720 medium 7.0 4y ago Moderate: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-25648 medium 6.2 6.2 2mo ago MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. A…
CVE-2019-11840 medium 5.9 5.9 7y ago An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/… debiangolang
CVE-2019-25032 medium 5.5 Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Un… suserockylinuxdebian
CVE-2019-6988 medium 5.5 An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_… archdebian
CVE-2019-6475 medium 5.5 Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to D… debianarchsuse
CVE-2019-15892 medium 5.5 An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests… rockylinuxdebian
CVE-2019-18281 medium 5.5 An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an a… rockylinuxdebian
CVE-2019-7663 medium 5.5 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote… archsusedebian
CVE-2019-13232 medium 5.5 Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. archsusedebian
CVE-2019-19917 medium 5.5 arbitrary code execution in lout arch
CVE-2019-20637 medium 5.5 An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next re… rockylinuxdebian
CVE-2019-11756 medium 5.5 Moderate: nss and nspr security, bug fix, and enhancement update archdebianrockylinux
CVE-2019-10179 medium 5.5 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinux
CVE-2019-3832 medium 5.5 It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this… archdebian
CVE-2019-7664 medium 5.5 In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial… archsusedebian
CVE-2019-25040 medium 5.5 Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound in… suserockylinuxdebian
CVE-2019-6291 medium 5.5 An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself … archdebian
CVE-2019-25037 medium 5.5 Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulner… suserockylinuxdebian
CVE-2019-12209 medium 5.5 Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks syml… archsusedebian
CVE-2019-15043 medium 5.5 denial of service in grafana archsuse
CVE-2019-3806 medium 5.5 An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly… archdebian
CVE-2019-3807 medium 5.5 An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properl… archdebian
CVE-2019-19481 medium 5.5 An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. archsusedebian
CVE-2019-3842 medium 5.5 In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular config… suserockylinuxdebian
CVE-2019-15946 medium 5.5 OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. archsusedebian
CVE-2019-5716 medium 5.5 In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. archsusedebian
CVE-2019-5481 medium 5.5 Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. archsusedebian
CVE-2019-7149 medium 5.5 A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-servi… archdebian
CVE-2019-7150 medium 5.5 An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn dat… archsusedebian
CVE-2019-25042 medium 5.5 Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound … suserockylinuxdebian
CVE-2019-17567 medium 5.5 multiple issues in apache debianarchsuse
CVE-2019-19918 medium 5.5 arbitrary code execution in lout arch
CVE-2019-9199 medium 5.5 PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose bi… archsusedebian
CVE-2019-20093 medium 5.5 The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtrac… archsusedebian
CVE-2019-16927 medium 5.5 Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. archsusedebian