2019 CVE Vulnerabilities
17,618 CVEs published in 2019.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-25033 | CRITICAL | 9.8 | 1.8% | Apr 27, 2021 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor dispu... |
| CVE-2019-25032 | CRITICAL | 9.8 | 2.2% | Apr 27, 2021 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes ... |
| CVE-2019-10881 | CRITICAL | 9.8 | 1.0% | Apr 13, 2021 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.x... |
| CVE-2019-5319 | CRITICAL | 9.8 | 2.4% | Mar 30, 2021 | A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): A... |
| CVE-2019-10196 | CRITICAL | 9.8 | 1.4% | Mar 19, 2021 | A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option t... |
| CVE-2019-18235 | CRITICAL | 9.8 | 1.5% | Mar 17, 2021 | Advantech Spectre RT ERT351 versions 5.1.3 and prior have insufficient login authentication parameters required for the w... |
| CVE-2019-25022 | CRITICAL | 9.8 | 1.4% | Feb 27, 2021 | An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event... |
| CVE-2019-11684 | CRITICAL | 9.8 | 1.0% | Feb 26, 2021 | Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and una... |
| CVE-2019-25024 | CRITICAL | 9.8 | 27.6% | Feb 19, 2021 | OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_sy... |
| CVE-2019-25019 | CRITICAL | 9.8 | 1.3% | Feb 14, 2021 | LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. |
| CVE-2019-17582 | CRITICAL | 9.8 | 2.5% | Feb 9, 2021 | A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecifie... |
| CVE-2019-20468 | CRITICAL | 9.8 | 2.3% | Feb 1, 2021 | An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permi... |
| CVE-2019-18643 | CRITICAL | 9.8 | 4.1% | Jan 7, 2021 | Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application.... |
| CVE-2019-18642 | CRITICAL | 9.8 | 1.7% | Jan 7, 2021 | Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile upd... |
| CVE-2019-25010 | CRITICAL | 9.8 | 1.5% | Dec 31, 2020 | An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_ty... |
| CVE-2019-25009 | CRITICAL | 9.8 | 1.8% | Dec 31, 2020 | An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeat... |
| CVE-2019-25004 | CRITICAL | 9.8 | 0.6% | Dec 31, 2020 | An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, ... |
| CVE-2019-25002 | CRITICAL | 9.8 | 1.5% | Dec 31, 2020 | An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itsel... |
| CVE-2019-7726 | CRITICAL | 9.8 | 2.3% | Dec 31, 2020 | modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP r... |
| CVE-2019-7725 | CRITICAL | 9.8 | 2.5% | Dec 31, 2020 | includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies... |
| CVE-2019-12768 | CRITICAL | 9.8 | 2.3% | Dec 30, 2020 | An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass au... |
| CVE-2019-14482 | CRITICAL | 9.8 | 1.8% | Dec 16, 2020 | AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcode... |
| CVE-2019-14480 | CRITICAL | 9.8 | 1.1% | Dec 16, 2020 | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead t... |
| CVE-2019-7198 | CRITICAL | 9.8 | 2.7% | Dec 10, 2020 | This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP h... |
| CVE-2019-19876 | CRITICAL | 9.8 | 1.0% | Nov 27, 2020 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL ... |