VIR Vulnerability Intelligence Relay

CVEs from 2019

3,413 normalized CVEs published or assigned in this year.

Total
3,413
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-2810 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2738 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2789 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2620 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2536 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2695 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2694 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2631 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2532 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2528 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2755 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2634 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2691 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2948 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2969 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2494 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2533 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2635 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2644 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2686 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2688 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2693 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2625 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2626 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2683 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2531 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2580 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2630 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2757 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2780 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2784 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2811 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2797 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2795 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2803 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2798 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2681 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2796 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2530 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2814 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2752 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2778 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2420 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2950 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2808 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2826 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2812 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2819 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2815 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2785 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2502 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2486 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2495 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2434 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2800 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-12384 high 8.0 7y ago Deserialization of Untrusted Data in FasterXML jackson-databind debianrockylinuxjava
CVE-2019-12781 high 8.0 7y ago An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set… archsusedebianpython
CVE-2019-9636 high 8.0 7y ago Important: python27:2.7 security update archsuserockylinuxdebian
CVE-2019-5736 high 8.0 7y ago Important: container-tools:rhel8 security and bug fix update archsuserockylinuxdebian
CVE-2019-10906 high 8.0 7y ago In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. susedebianrockylinuxpython
CVE-2019-8324 high 8.0 7y ago Important: ruby:2.5 security update susedebianrockylinuxruby
CVE-2019-13106 high 7.8 7.8 7y ago Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. susedebian
CVE-2019-13104 high 7.8 7.8 7y ago In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. susedebian
CVE-2019-13103 high 7.1 7.1 7y ago A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr… susedebian
CVE-2019-8720 medium 7.0 4y ago Moderate: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-25648 medium 6.2 6.2 2mo ago MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. A…
CVE-2019-11840 medium 5.9 5.9 7y ago An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/… debiangolang
CVE-2019-25039 medium 5.5 Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unboun… suserockylinuxdebian
CVE-2019-10146 medium 5.5 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinux
CVE-2019-13615 medium 5.5 libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. archdebian
CVE-2019-25034 medium 5.5 Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be… suserockylinuxdebian
CVE-2019-17023 medium 5.5 After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state,… archdebianrockylinux
CVE-2019-3459 medium 5.5 A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. archsusedebian
CVE-2019-3460 medium 5.5 A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. archsusedebian
CVE-2019-6988 medium 5.5 An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_… archdebian
CVE-2019-13627 medium 5.5 Moderate: libgcrypt security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-10691 medium 5.5 The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. archsusedebian
CVE-2019-11499 medium 5.5 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. archdebian
CVE-2019-25042 medium 5.5 Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound … suserockylinuxdebian
CVE-2019-17567 medium 5.5 multiple issues in apache debianarchsuse
CVE-2019-20807 medium 5.5 In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). suserockylinuxdebian
CVE-2019-19721 medium 5.5 An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted i… archdebian
CVE-2019-14866 medium 5.5 Moderate: cpio security update susedebianrockylinux
CVE-2019-20388 medium 5.5 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. archsusedebian
CVE-2019-19918 medium 5.5 arbitrary code execution in lout arch
CVE-2019-10208 medium 5.5 multiple issues in postgresql-libs, postgresql archsuse
CVE-2019-17185 medium 5.5 Moderate: freeradius:3.0 security and bug fix update susedebianrockylinux
CVE-2019-25037 medium 5.5 Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulner… suserockylinuxdebian
CVE-2019-25040 medium 5.5 Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound in… suserockylinuxdebian
CVE-2019-5716 medium 5.5 In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. archsusedebian
CVE-2019-19481 medium 5.5 An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. archsusedebian
CVE-2019-12420 medium 5.5 In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publ… archsusedebian
CVE-2019-12210 medium 5.5 In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descr… archsusedebian
CVE-2019-9199 medium 5.5 PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose bi… archsusedebian
CVE-2019-7150 medium 5.5 An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn dat… archsusedebian
CVE-2019-7664 medium 5.5 In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial… archsusedebian
CVE-2019-16680 medium 5.5 Moderate: file-roller security update susedebianrockylinux
CVE-2019-14584 medium 5.5 Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. archsusedebian
CVE-2019-19479 medium 5.5 An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. archsusedebian
CVE-2019-25035 medium 5.5 Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation… suserockylinuxdebian