2019 CVEs
17618 CVEs published in 2019. 2412 critical, 6801 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-25136 | Critical | 10.0 | 2023-06-19 | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulner… |
| CVE-2019-19810 | Critical | 10.0 | 2021-10-28 | Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can ex… |
| CVE-2019-17440 | Critical | 10.0 | 2019-12-20 | Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an… |
| CVE-2019-8779 | Critical | 10.0 | 2019-12-18 | A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS… |
| CVE-2019-7290 | Critical | 10.0 | 2019-12-18 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumve… |
| CVE-2019-18253 | Critical | 10.0 | 2019-11-27 | An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670… |
| CVE-2019-18580 | Critical | 10.0 | 2019-11-26 | Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker… |
| CVE-2019-14678 | Critical | 10.0 | 2019-11-14 | SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Readi… |
| CVE-2019-5644 | Critical | 10.0 | 2019-11-06 | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access… |
| CVE-2019-5617 | Critical | 10.0 | 2019-11-06 | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access… |
| CVE-2019-5151 | Critical | 10.0 | 2019-10-31 | An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leadin… |
| CVE-2019-5049 | Critical | 10.0 | 2019-10-31 | An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel sha… |
| CVE-2019-15066 | Critical | 10.0 | 2019-10-17 | An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998… |
| CVE-2019-13411 | Critical | 10.0 | 2019-10-17 | An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097… |
| CVE-2019-1372 | Critical | 10.0 | 2019-10-10 | A remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to i… |
| CVE-2019-16932 | Critical | 10.0 | 2019-09-30 | A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. |
| CVE-2019-16650 | Critical | 10.0 | 2019-09-21 | On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number… |
| CVE-2019-16649 | Critical | 10.0 | 2019-09-21 | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of… |
| CVE-2019-11210 | Critical | 10.0 | 2019-09-18 | The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contai… |
| CVE-2019-5485 | Critical | 10.0 | 2019-09-13 | NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. |