VIR Vulnerability Intelligence Relay

CVEs from 2019

4,015 normalized CVEs published or assigned in this year.

Total
4,015
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
5.8%
% with KEV
2.9%
% with exploit
3.0%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-2757 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2607 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2580 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2626 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2624 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2796 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2950 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2620 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2798 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2774 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2533 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2584 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2507 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2535 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2785 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2539 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2481 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2694 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2695 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2531 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2819 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2593 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2592 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2815 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2482 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2534 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2503 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2581 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2830 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2532 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2617 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2589 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2969 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2486 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2528 high 8.0 7y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2691 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2634 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2502 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2811 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2879 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2810 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2789 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2752 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2778 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2780 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2802 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2812 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2420 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2434 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2834 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2495 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2784 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-2494 high 8.0 7y ago Important: mysql:8.0 security update rockylinux
CVE-2019-2685 high 8.0 7y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2800 high 8.0 7y ago Important: mysql:8.0 security update rockylinuxalmalinux
CVE-2019-12384 high 8.0 7y ago Important: pki-deps:10.6 security update debianrockylinuxjava
CVE-2019-12781 high 8.0 7y ago An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set… archsusedebianpython
CVE-2019-9636 high 8.0 7y ago Important: python27:2.7 security update archsuserockylinuxdebian
CVE-2019-5736 high 8.0 7y ago Important: container-tools:rhel8 security and bug fix update archsuserockylinuxdebian
CVE-2019-10906 high 8.0 7y ago In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. susedebianrockylinuxpython
CVE-2019-8324 high 8.0 7y ago Important: ruby:2.5 security update susedebianrockylinuxruby
CVE-2019-13106 high 7.8 7.8 7y ago Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. susedebian
CVE-2019-13104 high 7.8 7.8 7y ago In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. susedebian
CVE-2019-13103 high 7.1 7.1 7y ago A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr… susedebian
CVE-2019-8720 medium 7.0 4y ago Moderate: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-25648 medium 6.2 6.2 2mo ago MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. A…
CVE-2019-11840 medium 5.9 5.9 7y ago An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/… debiangolang
CVE-2019-3806 medium 5.5 An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly… archdebian
CVE-2019-10691 medium 5.5 The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. archsusedebian
CVE-2019-9687 medium 5.5 PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. archsusedebian
CVE-2019-11499 medium 5.5 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. archdebian
CVE-2019-14584 medium 5.5 Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. archsusedebian
CVE-2019-25042 medium 5.5 Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound … suserockylinuxdebian
CVE-2019-10208 medium 5.5 multiple issues in postgresql-libs, postgresql archsuse
CVE-2019-3807 medium 5.5 An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properl… archdebian
CVE-2019-19480 medium 5.5 An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. archdebian
CVE-2019-7664 medium 5.5 In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial… archsusedebian
CVE-2019-18281 medium 5.5 An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an a… rockylinuxdebian
CVE-2019-9199 medium 5.5 PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose bi… archsusedebian
CVE-2019-17498 medium 5.5 In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a s… archsusedebian
CVE-2019-10179 medium 5.5 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinux
CVE-2019-10221 medium 5.5 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update debianrockylinux
CVE-2019-7148 medium 5.5 An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denia… archdebian
CVE-2019-13627 medium 5.5 Moderate: libgcrypt security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-16927 medium 5.5 Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. archsusedebian
CVE-2019-7665 medium 5.5 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of s… archsusedebian
CVE-2019-6290 medium 5.5 An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, be… archdebian
CVE-2019-6291 medium 5.5 An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself … archdebian
CVE-2019-3842 medium 5.5 In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular config… suserockylinuxdebian
CVE-2019-11494 medium 5.5 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. archdebian
CVE-2019-10723 medium 5.5 An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. archsusedebian
CVE-2019-17567 medium 5.5 multiple issues in apache debianarchsuse
CVE-2019-20637 medium 5.5 An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next re… rockylinuxdebian
CVE-2019-15892 medium 5.5 An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests… rockylinuxdebian
CVE-2019-7663 medium 5.5 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote… archsusedebian
CVE-2019-6476 medium 5.5 A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.… debianarchsuse
CVE-2019-3459 medium 5.5 A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. archsusedebian
CVE-2019-5718 medium 5.5 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. archsusedebian
CVE-2019-15946 medium 5.5 OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. archsusedebian
CVE-2019-25040 medium 5.5 Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound in… suserockylinuxdebian