CVEs from 2019
- Total: 3,250
- Critical: 232
- High: 340
- Medium: 309
- Low: 71
- % Critical: 7.1%
- % with KEV: 3.6%
- % with exploit: 4.4%
Top products
- u-boot 20
- active_iq_unified_manager 7
- jdk 5
- weblogic_server 5
- oncommand_workflow_automation 5
- oncommand_insight 4
- codeready_linux_builder_eus 4
- libxslt 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-20421 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2019-13109 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2019-13112 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2019-9143 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2019-13113 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2019-13111 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2019-18874 | medium | — | 5.5 | 6y ago | Moderate: python-psutil security update | |||
| CVE-2019-20330 | medium | — | 5.5 | 6y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2019-17531 | medium | — | 5.5 | 7y ago | jackson-databind polymorphic typing issue | |||
| CVE-2019-16943 | medium | — | 5.5 | 7y ago | jackson-databind polymorphic typing issue | |||
| CVE-2019-6706 | medium | — | 5.5 | 7y ago | Moderate: lua security and bug fix update | |||
| CVE-2019-13345 | medium | — | 5.5 | 7y ago | Moderate: squid:4 security and bug fix update | |||
| CVE-2019-9947 | medium | — | 5.5 | 7y ago | Moderate: python27:2.7 security and bug fix update | |||
| CVE-2019-9740 | medium | — | 5.5 | 7y ago | Moderate: python27:2.7 security and bug fix update | |||
| CVE-2019-9948 | medium | — | 5.5 | 7y ago | Moderate: python27:2.7 security and bug fix update | |||
| CVE-2019-16942 | medium | — | 5.5 | 7y ago | Polymorphic Typing in FasterXML jackson-databind | |||
| CVE-2019-16335 | medium | — | 5.5 | 7y ago | Polymorphic Typing issue in FasterXML jackson-databind | |||
| CVE-2019-14540 | medium | — | 5.5 | 7y ago | Polymorphic Typing issue in FasterXML jackson-databind | |||
| CVE-2019-6978 | medium | — | 5.5 | 7y ago | Moderate: gd security update | |||
| CVE-2019-10747 | medium | — | 5.5 | 7y ago | Moderate: nodejs:12 security update | |||
| CVE-2019-10746 | medium | — | 5.5 | 7y ago | Moderate: nodejs:12 security update | |||
| CVE-2019-14234 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.… | |||
| CVE-2019-2739 | medium | — | 5.5 | 7y ago | Moderate: mariadb:10.3 security and bug fix update | |||
| CVE-2019-2627 | medium | — | 5.5 | 7y ago | Moderate: mariadb:10.3 security and bug fix update | |||
| CVE-2019-2805 | medium | — | 5.5 | 7y ago | Moderate: mariadb:10.3 security and bug fix update | |||
| CVE-2019-2628 | medium | — | 5.5 | 7y ago | Moderate: mariadb:10.3 security and bug fix update | |||
| CVE-2019-2614 | medium | — | 5.5 | 7y ago | Moderate: mariadb:10.3 security and bug fix update | |||
| CVE-2019-2740 | medium | — | 5.5 | 7y ago | Moderate: mariadb:10.3 security and bug fix update | |||
| CVE-2019-2758 | medium | — | 5.5 | 7y ago | Moderate: mariadb:10.3 security and bug fix update | |||
| CVE-2019-2737 | medium | — | 5.5 | 7y ago | Moderate: mariadb:10.3 security and bug fix update | |||
| CVE-2019-2537 | medium | — | 5.5 | 7y ago | Moderate: mariadb:10.3 security and bug fix update | |||
| CVE-2019-14233 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremel… | |||
| CVE-2019-14235 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage… | |||
| CVE-2019-14232 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, … | |||
| CVE-2019-13114 | medium | — | 5.5 | 7y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2019-12308 | medium | — | 5.5 | 7y ago | An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without… | |||
| CVE-2019-11324 | medium | — | 5.5 | 7y ago | Moderate: python27:2.7 security, bug fix, and enhancement update | |||
| CVE-2019-11358 | medium | — | 5.5 | 7y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2019-7164 | medium | — | 5.5 | 7y ago | Moderate: python36:3.6 security update | |||
| CVE-2019-7548 | medium | — | 5.5 | 7y ago | Moderate: python36:3.6 security update | |||
| CVE-2019-8331 | medium | — | 5.5 | 7y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2019-6975 | medium | — | 5.5 | 7y ago | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() func… | |||
| CVE-2019-3498 | medium | — | 5.5 | 8y ago | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defa… | |||
| CVE-2019-3881 | medium | — | 5.5 | 8y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |||
| CVE-2019-13118 | medium | 5.3 | 5.3 | 4y ago | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … | |||
| CVE-2019-13117 | medium | 5.3 | 5.3 | 7y ago | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… | |||
| CVE-2019-7317 | medium | 5.3 | 5.3 | 7y ago | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |||
| CVE-2019-16230 | medium | 4.7 | 4.7 | 7y ago | drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer stat… | |||
| CVE-2019-15213 | medium | 4.6 | 4.6 | 7y ago | An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. |