2019 CVEs

17618 CVEs published in 2019. 2412 critical, 6801 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2019
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2019-25136 | Critical | 10.0 | 2023-06-19 | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulner… |
| CVE-2019-19810 | Critical | 10.0 | 2021-10-28 | Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can ex… |
| CVE-2019-17440 | Critical | 10.0 | 2019-12-20 | Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an… |
| CVE-2019-8779 | Critical | 10.0 | 2019-12-18 | A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS… |
| CVE-2019-7290 | Critical | 10.0 | 2019-12-18 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumve… |
| CVE-2019-18253 | Critical | 10.0 | 2019-11-27 | An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670… |
| CVE-2019-18580 | Critical | 10.0 | 2019-11-26 | Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker… |
| CVE-2019-14678 | Critical | 10.0 | 2019-11-14 | SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Readi… |
| CVE-2019-5644 | Critical | 10.0 | 2019-11-06 | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access… |
| CVE-2019-5617 | Critical | 10.0 | 2019-11-06 | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access… |
| CVE-2019-5151 | Critical | 10.0 | 2019-10-31 | An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leadin… |
| CVE-2019-5049 | Critical | 10.0 | 2019-10-31 | An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel sha… |
| CVE-2019-15066 | Critical | 10.0 | 2019-10-17 | An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998… |
| CVE-2019-13411 | Critical | 10.0 | 2019-10-17 | An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097… |
| CVE-2019-1372 | Critical | 10.0 | 2019-10-10 | An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to i… |
| CVE-2019-16932 | Critical | 10.0 | 2019-09-30 | A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. |
| CVE-2019-16650 | Critical | 10.0 | 2019-09-21 | On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number… |
| CVE-2019-16649 | Critical | 10.0 | 2019-09-21 | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of… |
| CVE-2019-11210 | Critical | 10.0 | 2019-09-18 | The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contai… |
| CVE-2019-5485 | Critical | 10.0 | 2019-09-13 | NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. |