2019 CVE Vulnerabilities
17,618 CVEs published in 2019.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-14052 | CRITICAL | 9.8 | 0.9% | Sep 8, 2020 | Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing... |
| CVE-2019-4694 | CRITICAL | 9.8 | 1.2% | Aug 26, 2020 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic... |
| CVE-2019-18847 | CRITICAL | 9.8 | 2.3% | Aug 26, 2020 | Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. |
| CVE-2019-11855 | CRITICAL | 9.8 | 1.2% | Aug 21, 2020 | An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. |
| CVE-2019-11852 | CRITICAL | 9.1 | 0.9% | Aug 21, 2020 | An out-of-bounds read vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive i... |
| CVE-2019-6258 | CRITICAL | 9.8 | 2.6% | Aug 18, 2020 | D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /... |
| CVE-2019-16374 | CRITICAL | 9.8 | 1.9% | Aug 13, 2020 | Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. A... |
| CVE-2019-11286 | CRITICAL | 9.1 | 1.8% | Jul 31, 2020 | VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.1... |
| CVE-2019-20033 | CRITICAL | 9.8 | 1.1% | Jul 29, 2020 | On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may... |
| CVE-2019-20031 | CRITICAL | 9.1 | 1.0% | Jul 29, 2020 | NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number... |
| CVE-2019-20027 | CRITICAL | 9.8 | 1.4% | Jul 29, 2020 | Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain t... |
| CVE-2019-20025 | CRITICAL | 9.8 | 2.9% | Jul 29, 2020 | Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an af... |
| CVE-2019-16244 | CRITICAL | 9.8 | 1.2% | Jul 22, 2020 | OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query. |
| CVE-2019-20914 | CRITICAL | 9.8 | 1.9% | Jul 16, 2020 | An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_co... |
| CVE-2019-17638 | CRITICAL | 9.4 | 11.1% | Jul 9, 2020 | In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an ... |
| CVE-2019-20896 | CRITICAL | 9.8 | 1.0% | Jul 7, 2020 | WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter. |
| CVE-2019-15311 | CRITICAL | 9.8 | 7.6% | Jul 1, 2020 | An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. Th... |
| CVE-2019-15310 | CRITICAL | 9.8 | 8.3% | Jul 1, 2020 | An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user in... |
| CVE-2019-20893 | CRITICAL | 9.8 | 2.2% | Jun 30, 2020 | An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJo... |
| CVE-2019-3681 | CRITICAL | 9.8 | 1.4% | Jun 29, 2020 | An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, S... |
| CVE-2019-20409 | CRITICAL | 9.8 | 2.5% | Jun 23, 2020 | The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed re... |
| CVE-2019-14080 | CRITICAL | 9.8 | 0.7% | Jun 22, 2020 | Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdrago... |
| CVE-2019-14073 | CRITICAL | 9.8 | 0.7% | Jun 22, 2020 | Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote s... |
| CVE-2019-14062 | CRITICAL | 9.8 | 0.9% | Jun 22, 2020 | Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from netwo... |
| CVE-2019-20856 | CRITICAL | 9.8 | 1.4% | Jun 19, 2020 | An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. |