VIR Vulnerability Intelligence Relay

CVEs from 2019

3,413 normalized CVEs published or assigned in this year.

Total
3,413
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-2879 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2752 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2620 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2455 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2531 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2757 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2689 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2631 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2780 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2624 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2784 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2593 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2617 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2738 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2436 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2481 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2482 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2539 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2587 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2581 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2532 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2528 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2685 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2634 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2691 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2948 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-3003 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2606 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2969 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2533 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2635 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2644 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2623 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2686 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2688 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2693 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2625 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2626 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2529 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2534 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2535 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2607 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2589 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2774 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2785 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2815 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2819 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2580 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2681 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2530 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2596 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2584 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2683 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2420 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2810 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-12384 high 8.0 7y ago Deserialization of Untrusted Data in FasterXML jackson-databind debianrockylinuxjava
CVE-2019-12781 high 8.0 7y ago An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set… archsusedebianpython
CVE-2019-9636 high 8.0 7y ago Important: python27:2.7 security update archsuserockylinuxdebian
CVE-2019-5736 high 8.0 7y ago Important: container-tools:rhel8 security and bug fix update archsuserockylinuxdebian
CVE-2019-10906 high 8.0 7y ago In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. susedebianrockylinuxpython
CVE-2019-8324 high 8.0 7y ago Important: ruby:2.5 security update susedebianrockylinuxruby
CVE-2019-13106 high 7.8 7.8 7y ago Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. susedebian
CVE-2019-13104 high 7.8 7.8 7y ago In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. susedebian
CVE-2019-13103 high 7.1 7.1 7y ago A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr… susedebian
CVE-2019-8720 medium 7.0 4y ago Moderate: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-25648 medium 6.2 6.2 2mo ago MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. A…
CVE-2019-11840 medium 5.9 5.9 7y ago An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/… debiangolang
CVE-2019-3842 medium 5.5 In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular config… suserockylinuxdebian
CVE-2019-7663 medium 5.5 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote… archsusedebian
CVE-2019-3460 medium 5.5 A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. archsusedebian
CVE-2019-7665 medium 5.5 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of s… archsusedebian
CVE-2019-17498 medium 5.5 In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a s… archsusedebian
CVE-2019-5716 medium 5.5 In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. archsusedebian
CVE-2019-5481 medium 5.5 Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. archsusedebian
CVE-2019-8398 medium 5.5 An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. archsusedebian
CVE-2019-9687 medium 5.5 PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. archsusedebian
CVE-2019-25040 medium 5.5 Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound in… suserockylinuxdebian
CVE-2019-25037 medium 5.5 Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulner… suserockylinuxdebian
CVE-2019-16927 medium 5.5 Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. archsusedebian
CVE-2019-12210 medium 5.5 In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descr… archsusedebian
CVE-2019-17567 medium 5.5 multiple issues in apache debianarchsuse
CVE-2019-14833 medium 5.5 A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Sam… archsusedebian
CVE-2019-14847 medium 5.5 A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not po… archsusedebian
CVE-2019-10218 medium 5.5 A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the cl… archsusedebian
CVE-2019-14866 medium 5.5 Moderate: cpio security update susedebianrockylinux
CVE-2019-20388 medium 5.5 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. archsusedebian
CVE-2019-12420 medium 5.5 In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publ… archsusedebian
CVE-2019-10179 medium 5.5 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinux
CVE-2019-3459 medium 5.5 A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. archsusedebian
CVE-2019-15946 medium 5.5 OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. archsusedebian
CVE-2019-5718 medium 5.5 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. archsusedebian
CVE-2019-10208 medium 5.5 multiple issues in postgresql-libs, postgresql archsuse
CVE-2019-11494 medium 5.5 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. archdebian
CVE-2019-25032 medium 5.5 Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Un… suserockylinuxdebian
CVE-2019-15043 medium 5.5 denial of service in grafana archsuse
CVE-2019-19918 medium 5.5 arbitrary code execution in lout arch
CVE-2019-3832 medium 5.5 It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this… archdebian
CVE-2019-17185 medium 5.5 Moderate: freeradius:3.0 security and bug fix update susedebianrockylinux
CVE-2019-12209 medium 5.5 Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks syml… archsusedebian
CVE-2019-9199 medium 5.5 PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose bi… archsusedebian