CVEs from 2019

3,417 normalized CVEs published or assigned in this year.

  • Total: 3,417
  • Critical: 232
  • High: 334
  • Medium: 309
  • Low: 71
  • % Critical: 6.8%
  • % with KEV: 3.5%
  • % with exploit: 3.5%

Top products

  • u-boot 20
  • active_iq_unified_manager 7
  • jdk 5
  • weblogic_server 5
  • oncommand_workflow_automation 5
  • codeready_linux_builder_eus 4
  • oncommand_insight 4
  • libxslt 4
CVE Severity CVSS Risk Published Description Impact
CVE-2019-11039 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-11040 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-19246 medium 5.5 6y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-11047 medium 5.5 6y ago Moderate: php:7.3 security, bug fix, and enhancement update suserockylinux
CVE-2019-20479 medium 5.5 6y ago Moderate: mod_auth_openidc:2.3 security and bug fix update susedebianrockylinux
CVE-2019-14857 medium 5.5 6y ago Moderate: mod_auth_openidc:2.3 security and bug fix update susedebianrockylinux
CVE-2019-14822 medium 5.5 6y ago Moderate: ibus and glib2 security and bug fix update susedebian
CVE-2019-13636 medium 5.5 6y ago Moderate: patch security and bug fix update suserockylinuxdebian
CVE-2019-12448 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update archdebianrockylinux
CVE-2019-12447 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update archdebianrockylinux
CVE-2019-3825 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-12449 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update archdebianrockylinux
CVE-2019-11035 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9023 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9020 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9021 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9024 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-11034 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9639 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-11036 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9637 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9022 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9640 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9638 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-16935 medium 5.5 6y ago Moderate: python27:2.7 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-16056 medium 5.5 6y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-13109 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-9143 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-13113 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-13112 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-20421 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-13111 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-18874 medium 5.5 6y ago Moderate: python-psutil security update suserockylinuxdebianpython
CVE-2019-20330 medium 5.5 6y ago Deserialization of Untrusted Data in jackson-databind susedebianrockylinuxjava
CVE-2019-17531 medium 5.5 7y ago jackson-databind polymorphic typing issue debianrockylinuxjava
CVE-2019-16943 medium 5.5 7y ago jackson-databind polymorphic typing issue susedebianrockylinuxjava
CVE-2019-6706 medium 5.5 7y ago Moderate: lua security and bug fix update suserockylinuxdebian
CVE-2019-13345 medium 5.5 7y ago Moderate: squid:4 security and bug fix update suserockylinuxdebian
CVE-2019-9947 medium 5.5 7y ago Moderate: python27:2.7 security and bug fix update suserockylinuxdebian
CVE-2019-9740 medium 5.5 7y ago Moderate: python27:2.7 security and bug fix update suserockylinuxdebian
CVE-2019-9948 medium 5.5 7y ago Moderate: python27:2.7 security and bug fix update suserockylinuxdebian
CVE-2019-16942 medium 5.5 7y ago Polymorphic Typing in FasterXML jackson-databind debianrockylinuxjava
CVE-2019-16335 medium 5.5 7y ago Polymorphic Typing issue in FasterXML jackson-databind debianrockylinuxjava
CVE-2019-14540 medium 5.5 7y ago Polymorphic Typing issue in FasterXML jackson-databind susedebianrockylinuxjava
CVE-2019-6978 medium 5.5 7y ago Moderate: gd security update archsusedebianrockylinux
CVE-2019-10747 medium 5.5 7y ago Moderate: nodejs:12 security update rockylinuxdebiannpm
CVE-2019-10746 medium 5.5 7y ago Moderate: nodejs:12 security update rockylinuxdebiannpm
CVE-2019-14234 medium 5.5 7y ago An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.… archsusedebianpython
CVE-2019-2805 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2737 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update rockylinuxalmalinux
CVE-2019-2758 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2537 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2739 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update rockylinuxalmalinux
CVE-2019-2614 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2627 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2628 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2740 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update rockylinuxalmalinux
CVE-2019-14233 medium 5.5 7y ago An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremel… archsusedebianpython
CVE-2019-14235 medium 5.5 7y ago An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage… archsusedebianpython
CVE-2019-14232 medium 5.5 7y ago An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, … archsusedebianpython
CVE-2019-13114 medium 5.5 7y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux+1
CVE-2019-12308 medium 5.5 7y ago An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without… archsusedebianpython
CVE-2019-11324 medium 5.5 7y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebianpython
CVE-2019-11358 medium 5.5 7y ago XSS in jQuery as used in Drupal, Backdrop CMS, and other products archrockylinuxdebianruby+5
CVE-2019-7164 medium 5.5 7y ago Moderate: python36:3.6 security update suserockylinuxdebianpython
CVE-2019-7548 medium 5.5 7y ago Moderate: python36:3.6 security update almalinuxsuserockylinuxdebian+1
CVE-2019-8331 medium 5.5 7y ago Bootstrap Vulnerable to Cross-Site Scripting rockylinuxdebianrubynuget+3
CVE-2019-6975 medium 5.5 7y ago Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() func… archsusedebianpython
CVE-2019-3498 medium 5.5 8y ago In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defa… archsusedebianpython
CVE-2019-3881 medium 5.5 8y ago Moderate: ruby:2.6 security, bug fix, and enhancement update suserockylinuxruby
CVE-2019-13118 medium 5.3 5.3 4y ago In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … susedebianfedoraubuntu+3
CVE-2019-13117 medium 5.3 5.3 7y ago In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… susedebianubuntufedora+2
CVE-2019-7317 medium 5.3 5.3 7y ago png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. archsusedebianubuntu+4
CVE-2019-16230 medium 4.7 4.7 7y ago drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer stat… susedebianlinux
CVE-2019-15213 medium 4.6 4.6 7y ago An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. susedebianlinux
CVE-2019-8506 low 4.0 4y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-7310 low 2.5 In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash… archsusedebian
CVE-2019-7653 low 2.5 The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in th… archdebian
CVE-2019-16167 low 2.5 sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. suserockylinuxdebian
CVE-2019-5882 low 2.5 Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. archdebian
CVE-2019-1543 low 2.5 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a vari… archsusedebian
CVE-2019-20838 low 2.5 5y ago Low: pcre security update suserockylinuxdebian
CVE-2019-2215 unknown 2.5 5y ago A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require… debian
CVE-2019-17402 low 2.5 5y ago Low: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-2708 low 2.5 5y ago Low: libdb security update suserockylinux
CVE-2019-14494 low 2.5 6y ago Low: poppler security update susedebian
CVE-2019-15165 low 2.5 6y ago Low: libpcap security, bug fix, and enhancement update susedebian
CVE-2019-1010305 low 2.5 6y ago Low: libmspack security and bug fix update susedebianrockylinux
CVE-2019-13045 low 2.5 6y ago Low: irssi security update archdebianrockylinux
CVE-2019-11498 low 2.5 6y ago Low: wavpack security update suserockylinuxdebian
CVE-2019-1010317 low 2.5 6y ago Low: wavpack security update rockylinuxdebian
CVE-2019-1010315 low 2.5 6y ago Low: wavpack security update suserockylinuxdebian
CVE-2019-1010319 low 2.5 6y ago Low: wavpack security update suserockylinuxdebian
CVE-2019-19118 low 2.5 7y ago Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… archdebianpython
CVE-2019-8584 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8597 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8586 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-12795 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-6237 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-8523 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian