2019 Security Vulnerability Report
CVE Statistics for 2019

Growth Curve
There were 16225 security vulnerabilities (CVEs) published in 2019. In 2018 there were 13177.

The average severity was 7.3 out of 10, which was about the same as in 2018.

Products & Vendors with the most security vulnerabilities published in 2019

Vulnerabilities may exist in multiple products or vendors

By Product

#1

Debian Linux

1007 vulnerabilities in 2019

#2

Canonical Ubuntu Linux

782 vulnerabilities in 2019

#3

Fedora Project Fedora

629 vulnerabilities in 2019

#4

openSUSE Leap

612 vulnerabilities in 2019

#5

Google Android

491 vulnerabilities in 2019

#6

Microsoft Windows 10

448 vulnerabilities in 2019

#7

Microsoft Windows Server 2016

443 vulnerabilities in 2019

#8

Microsoft Windows Server 2019

433 vulnerabilities in 2019

#9

Apple iOS

350 vulnerabilities in 2019

#10

Microsoft Windows 7

322 vulnerabilities in 2019

#11

Microsoft Windows Server 2012

314 vulnerabilities in 2019

#12

Microsoft Windows Server 2008

314 vulnerabilities in 2019

#13

Microsoft Windows 8.1

310 vulnerabilities in 2019

#14

Apple macOS

305 vulnerabilities in 2019

#15

Google Chrome

304 vulnerabilities in 2019

#16

Microsoft Windows RT 8.1

296 vulnerabilities in 2019

#17

Red Hat Enterprise Linux (RHEL)

293 vulnerabilities in 2019

#18

Red Hat Enterprise Linux Server

285 vulnerabilities in 2019

#19

Linux Kernel

277 vulnerabilities in 2019

#20

Red Hat Enterprise Linux Workstation

275 vulnerabilities in 2019

By Vendor

#1

Debian

1007 vulnerabilities in 2019

#2

Google

809 vulnerabilities in 2019

#3

Canonical

785 vulnerabilities in 2019

#4

Oracle

772 vulnerabilities in 2019

#5

Microsoft

764 vulnerabilities in 2019

#6

Red Hat

756 vulnerabilities in 2019

#7

openSUSE

651 vulnerabilities in 2019

#8

Fedora Project

634 vulnerabilities in 2019

#9

Apple

548 vulnerabilities in 2019

#10

IBM

439 vulnerabilities in 2019

#11

Cisco

360 vulnerabilities in 2019

#12

Jenkins

341 vulnerabilities in 2019

#13

NetApp

313 vulnerabilities in 2019

#14

F5 Networks

287 vulnerabilities in 2019

#15

Linux

278 vulnerabilities in 2019

#16

GitLab

165 vulnerabilities in 2019

#17

Apache

159 vulnerabilities in 2019

#18

HP

154 vulnerabilities in 2019

#19

Intel

150 vulnerabilities in 2019

#20

Mozilla

144 vulnerabilities in 2019

By Weakness

#1
XSS
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1877 vulnerabilities in 2019 (11.6%)
#2
Memory Corruption
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
1077 vulnerabilities in 2019 (6.6%)
#3
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
857 vulnerabilities in 2019 (5.3%)
#4
Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.
843 vulnerabilities in 2019 (5.2%)
#5
Information Disclosure
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
574 vulnerabilities in 2019 (3.5%)
#6
Buffer Overflow
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
541 vulnerabilities in 2019 (3.3%)
#7
Dangling pointer
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
504 vulnerabilities in 2019 (3.1%)
#8
SQL Injection
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
446 vulnerabilities in 2019 (2.7%)
#9
Session Riding
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.
420 vulnerabilities in 2019 (2.6%)
#10
Directory traversal
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
396 vulnerabilities in 2019 (2.4%)
#11
Shell injection
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
334 vulnerabilities in 2019 (2.1%)
#12
Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
219 vulnerabilities in 2019 (1.3%)
#13
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
219 vulnerabilities in 2019 (1.3%)
#14
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. When a resource is given a permissions setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data.
182 vulnerabilities in 2019 (1.1%)
#15
Unrestricted File Upload
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
182 vulnerabilities in 2019 (1.1%)
#16
AuthZ
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
175 vulnerabilities in 2019 (1.1%)
#17
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
154 vulnerabilities in 2019 (0.9%)
#18
Code Injection
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
141 vulnerabilities in 2019 (0.9%)
#19
Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.
140 vulnerabilities in 2019 (0.9%)
#20
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
130 vulnerabilities in 2019 (0.8%)
#21
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
129 vulnerabilities in 2019 (0.8%)
#22
XXE
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
124 vulnerabilities in 2019 (0.8%)
#23
Resource Exhaustion
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
123 vulnerabilities in 2019 (0.8%)
#24
Marshaling, Unmarshaling
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
117 vulnerabilities in 2019 (0.7%)
#25
Memory Leak
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.
112 vulnerabilities in 2019 (0.7%)

By Category

Fortinet FortiOS

19 vulnerabilities in 2019

Apache JSPWiki

11 vulnerabilities in 2019

Fortinet FortiClient

9 vulnerabilities in 2019

Content Management

Joomla

29 vulnerabilities in 2019

WordPress

22 vulnerabilities in 2019

Adobe Experience Manager

19 vulnerabilities in 2019

Database

Oracle MySQL

140 vulnerabilities in 2019

Oracle Database Server

25 vulnerabilities in 2019

SQLite

18 vulnerabilities in 2019

Desktop Software

Apple iTunes

93 vulnerabilities in 2019

Microsoft Office

58 vulnerabilities in 2019

Mozilla Thunderbird

58 vulnerabilities in 2019

Development Tools

Oracle Java Development Kit (JDK)

41 vulnerabilities in 2019

Jenkins

21 vulnerabilities in 2019

Microsoft Visual Studio

4 vulnerabilities in 2019

DevOps

GitLab

164 vulnerabilities in 2019

Kubernetes

13 vulnerabilities in 2019

Docker

8 vulnerabilities in 2019

Email

Microsoft Exchange Server

12 vulnerabilities in 2019

Exim

4 vulnerabilities in 2019

Front End Libraries

AngularJS

1 vulnerability in 2019

jQuery

1 vulnerability in 2019

Java Application Servers

Oracle Weblogic Server

40 vulnerabilities in 2019

IBM WebSphere Application Server

18 vulnerabilities in 2019

Adobe ColdFusion

10 vulnerabilities in 2019

Java Libraries

FasterXML Jackson Databind

21 vulnerabilities in 2019

Libraries

Microsoft ChakraCore

71 vulnerabilities in 2019

OpenSSL

7 vulnerabilities in 2019

Google Tensorflow

7 vulnerabilities in 2019

Operating Systems

Debian Linux

1000 vulnerabilities in 2019

Canonical Ubuntu Linux

669 vulnerabilities in 2019

Google Android

491 vulnerabilities in 2019

Runtime Environments

Oracle Java Runtime Environment (JRE)

37 vulnerabilities in 2019

PHP

30 vulnerabilities in 2019

Python

15 vulnerabilities in 2019

Server Software

Microsoft Sharepoint Server

33 vulnerabilities in 2019

Microsoft Sharepoint Enterprise Server

32 vulnerabilities in 2019

OpenBSD OpenSSH

5 vulnerabilities in 2019

Virtualization

Oracle VM VirtualBox

64 vulnerabilities in 2019

QEMU

15 vulnerabilities in 2019

Web Application Framework

Django Project Django

10 vulnerabilities in 2019

Microsoft ASP.NET Core

6 vulnerabilities in 2019

Web Applications

Apple iCloud

93 vulnerabilities in 2019

Web Browsers

Google Chrome

300 vulnerabilities in 2019

Apple Safari

166 vulnerabilities in 2019

Mozilla Firefox

108 vulnerabilities in 2019

Web Servers

Apache HTTP Server

14 vulnerabilities in 2019

2019 Known Exploited Vulnerabilities

These vulnerabilities may be considered some of the most dangerous of 2019, because they are both known to have been exploited and have a high severity score. In fact, 3 vulnerabilities received the highest possible CVSS base score of 10.

10.0
Pulse Connect Secure VPN arbitrary file reading vulnerability (COVID-19-CTI list)
CVE-2019-11510 vulnerability in Pulse Connect Secure, disclosed on May 8, 2019
10.0
Kibana Arbitrary Code Execution
CVE-2019-7609 vulnerability in Kibana, disclosed on March 25, 2019
10.0
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability
CVE-2019-11708 vulnerability in Firefox and Thunderbird, disclosed on July 23, 2019
9.9
MongoDB mongo-express Remote Code Execution Vulnerability
CVE-2019-10758 vulnerability in mongo-express, disclosed on December 24, 2019
9.9
Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
CVE-2019-1003030 vulnerability in Matrix Project Plugin, disclosed on March 8, 2019
9.9
Jenkins Script Security Plugin Sandbox Bypass Vulnerability
CVE-2019-1003029 vulnerability in Script Security Plugin, disclosed on March 8, 2019
9.8
Remote code execution via Widget Connector macro Vulnerability
CVE-2019-3396 vulnerability in Atlassian Confluence Server, disclosed on March 25, 2019
9.8
Fortinet FortiOS SSL VPN credential exposure vulnerability
CVE-2018-13379 vulnerability in FortiOS, disclosed on June 4, 2019
9.8
Oracle WebLogic Server, Injection
CVE-2019-2725 vulnerability in WebLogic Server, disclosed on April 26, 2019
9.8
Webmin Command Injection Vulnerability
CVE-2019-15107 vulnerability in Webmin, disclosed on August 16, 2019
9.8
"BlueKeep" Microsoft Windows Remote Desktop Remote Code Execution Vulnerability
CVE-2019-0708 vulnerability in Remote Desktop Services, disclosed on May 16, 2019
9.8
Citrix Application Delivery Controller and Citrix Gateway Vulnerability
CVE-2019-19781 vulnerability in Application Delivery Controller (ADC) and Gateway, disclosed on December 27, 2019
9.8
Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference
CVE-2019-9670 vulnerability in Zimbra Collaboration Suite, disclosed on May 29, 2019
9.8
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2019-0604 vulnerability in SharePoint, disclosed on March 5, 2019
9.8
vBulletin PHP Module Remote Code Execution Vulnerability
CVE-2019-16759 vulnerability in vBulletin, disclosed on September 24, 2019
9.8
Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability
CVE-2019-11580 vulnerability in Crowd and Crowd Data Center, disclosed on June 3, 2019
9.8
Nice Linear eMerge E3-Series OS Command Injection Vulnerability
CVE-2019-7256 vulnerability in Linear eMerge E3-Series, disclosed on July 2, 2019
9.8
Nostromo nhttpd Directory Traversal Vulnerability
CVE-2019-16278 vulnerability in nhttpd, disclosed on October 14, 2019
9.8
Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability
CVE-2019-11581 vulnerability in Jira Server and Data Center, disclosed on August 9, 2019
9.8
D-Link Multiple Routers Command Injection Vulnerability
CVE-2019-16920 vulnerability in Multiple Routers, disclosed on September 27, 2019
9.8
QNAP Photo Station Improper Access Control Vulnerability
CVE-2019-7192 vulnerability in Photo Station, disclosed on December 5, 2019
9.8
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
CVE-2019-11043 vulnerability in FastCGI Process Manager (FPM), disclosed on October 28, 2019
9.8
Kentico Xperience Deserialization of Untrusted Data Vulnerability
CVE-2019-10068 vulnerability in Xperience, disclosed on March 26, 2019
9.8
D-Link DNS-320 Remote Code Execution Vulnerability
CVE-2019-16057 vulnerability in DNS-320 Storage Device, disclosed on September 16, 2019
9.8
Crestron Multiple Products Command Injection Vulnerability
CVE-2019-3929 vulnerability in Multiple Products, disclosed on April 30, 2019
9.8
Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
CVE-2019-7238 vulnerability in Nexus Repository Manager, disclosed on March 21, 2019
9.8
Exim Mail Transfer Agent (MTA) Improper Input Validation
CVE-2019-10149 vulnerability in Mail Transfer Agent (MTA), disclosed on June 5, 2019
9.8
Zyxel P660HN-T1A Routers Command Injection Vulnerability
CVE-2017-18368 vulnerability in P660HN-T1A Routers, disclosed on May 2, 2019
9.8
Progress Telerik UI for ASP.NET deserialization bug
CVE-2019-18935 vulnerability in ASP.NET AJAX, disclosed on December 11, 2019
9.8
Adobe Flash Player Use-After-Free Vulnerability
CVE-2018-15982 vulnerability in Flash Player, disclosed on January 18, 2019
9.8
D-Link DIR-859 Router Command Execution Vulnerability
CVE-2019-17621 vulnerability in DIR-859 Router, disclosed on December 30, 2019
9.8
QNAP Photo Station Path Traversal Vulnerability
CVE-2019-7194 vulnerability in Photo Station, disclosed on December 5, 2019
9.8
LG N1A1 NAS Remote Command Execution Vulnerability
CVE-2018-14839 vulnerability in N1A1 NAS, disclosed on May 14, 2019
9.8
QNAP Photo Station Path Traversal Vulnerability
CVE-2019-7195 vulnerability in Photo Station, disclosed on December 5, 2019
9.8
Exim Out-of-bounds Write Vulnerability
CVE-2019-16928 vulnerability in Exim Internet Mailer, disclosed on September 27, 2019
9.8
VMware ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability
CVE-2019-5544 vulnerability in ESXi, Horizon DaaS Appliances, disclosed on December 6, 2019
9.8
Citrix SD-WAN and NetScaler SQL Injection Vulnerability
CVE-2019-12989 vulnerability in SD-WAN and NetScaler, disclosed on July 16, 2019
9.8
IBM Planning Analytics configuration overwrite vulnerability
CVE-2019-4716 vulnerability in IBM Planning Analytics, disclosed on December 18, 2019
9.8
Ubiquiti AirOS Command Injection Vulnerability
CVE-2010-5330 vulnerability in AirOS, disclosed on June 11, 2019
9.8
Citrix Workspace (for Windows) Prior to 1904 Improper Access Control
CVE-2019-11634 vulnerability in Workspace (for Windows), disclosed on May 22, 2019
9.8
QNAP QTS Improper Input Validation Vulnerability
CVE-2019-7193 vulnerability in QTS, disclosed on December 5, 2019
9.8
Kaseya VSA SQL Injection Vulnerability
CVE-2017-18362 vulnerability in Virtual System/Server Administrator (VSA), disclosed on February 5, 2019
9.8
SIMalliance Toolbox (S@T) Browser Command and Control Vulnerability
CVE-2019-16256 vulnerability in SIMalliance Toolbox (S@T) Browser, disclosed on September 12, 2019
9.8
Schneider Electric U.motion Builder SQL Injection Vulnerability
CVE-2018-7841 vulnerability in U.motion Builder, disclosed on May 22, 2019
9.8
Kaseya VSA Remote Code Execution Vulnerability
CVE-2018-20753 vulnerability in Virtual System/Server Administrator (VSA), disclosed on February 5, 2019
9.8
SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
CVE-2019-0344 vulnerability in Commerce Cloud, disclosed on August 14, 2019
9.8
WhatsApp VOIP Stack Buffer Overflow Vulnerability
CVE-2019-3568 vulnerability in WhatsApp, disclosed on May 14, 2019
9.8
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9874 vulnerability in CMS and Experience Platform (XP), disclosed on May 31, 2019
8.8
ThinkPHP Remote Code Execution Vulnerability
CVE-2019-9082 vulnerability in ThinkPHP, disclosed on February 24, 2019
8.8
Atlassian Confluence Path Traversal Vulnerability
CVE-2019-3398 vulnerability in Confluence, disclosed on April 18, 2019
8.8
Google Chrome Use-After-Free Vulnerability
CVE-2019-13720 vulnerability in Chrome, disclosed on November 25, 2019
8.8
Nagios XI Remote Code Execution Vulnerability
CVE-2019-15949 vulnerability in Nagios XI, disclosed on September 5, 2019
8.8
Citrix SD-WAN and NetScaler Command Injection Vulnerability
CVE-2019-12991 vulnerability in SD-WAN and NetScaler, disclosed on July 16, 2019
8.8
Mozilla Firefox and Thunderbird Type Confusion Vulnerability
CVE-2019-11707 vulnerability in Firefox and Thunderbird, disclosed on July 23, 2019
8.8
Microsoft MSHTML Engine Remote Code Execution Vulnerability
CVE-2019-0541 vulnerability in MSHTML engine, disclosed on January 8, 2019
8.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-1297 vulnerability in Excel, disclosed on September 11, 2019
8.8
Microsoft GDI Remote Code Execution Vulnerability
CVE-2019-0903 vulnerability in Graphics Device Interface (GDI), disclosed on May 16, 2019
8.8
Oracle Solaris Privilege Escalation Vulnerability
CVE-2019-3010 vulnerability in Solaris, disclosed on October 16, 2019
8.8
Apple Multiple Products Type Confusion Vulnerability
CVE-2019-8506 vulnerability in Multiple Products, disclosed on December 18, 2019
8.8
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 vulnerability in CMS and Experience Platform (XP), disclosed on May 31, 2019
8.8
Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability
CVE-2019-15271 vulnerability in RV Series Routers, disclosed on November 26, 2019
8.1
Drupal Core Remote Code Execution Vulnerability
CVE-2019-6340 vulnerability in Core, disclosed on February 21, 2019
8.1
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
CVE-2019-1579 vulnerability in PAN-OS, disclosed on July 19, 2019
7.8
WinRAR Absolute Path Traversal Vulnerability
CVE-2018-20250 vulnerability in WinRAR, disclosed on February 5, 2019
7.8
Microsoft Win32k Privilege Escalation Vulnerability
CVE-2019-1458 vulnerability in Win32k, disclosed on December 10, 2019
7.8
Apache HTTP Server scoreboard vulnerability
CVE-2019-0211 vulnerability in HTTP Server, disclosed on April 8, 2019
7.8
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
CVE-2019-0841 vulnerability in Windows, disclosed on April 9, 2019
7.8
Microsoft Win32k Escalation Kernel Vulnerability
CVE-2019-0803 vulnerability in Win32k, disclosed on April 9, 2019
7.8
Linux Kernel Improper Privilege Management Vulnerability
CVE-2019-13272 vulnerability in Kernel, disclosed on July 17, 2019
7.8
Docker Desktop Community Edition Privilege Escalation Vulnerability
CVE-2019-15752 vulnerability in Desktop Community Edition, disclosed on August 28, 2019
7.8
Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability
CVE-2019-1405 vulnerability in Windows, disclosed on November 12, 2019
7.8
Microsoft Windows 7 win32k.sys Driver Vulnerability
CVE-2019-0808 vulnerability in Windows, disclosed on April 9, 2019
7.8
Android "AbstractEmu" Root Access Vulnerabilities
CVE-2019-2215 vulnerability in Android OS, disclosed on October 11, 2019
7.8
Microsoft Windows Privilege Escalation Vulnerability
CVE-2019-1322 vulnerability in Windows, disclosed on October 10, 2019
7.8
Microsoft Task Scheduler Privilege Escalation Vulnerability
CVE-2019-1069 vulnerability in Task Scheduler, disclosed on June 12, 2019
7.8
Microsoft Win32k Privilege Escalation Vulnerability
CVE-2019-1132 vulnerability in Win32k, disclosed on July 15, 2019
7.8
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability
CVE-2019-1253 vulnerability in Windows, disclosed on September 11, 2019
7.8
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
CVE-2019-1064 vulnerability in Windows, disclosed on June 12, 2019
7.8
Microsoft Windows Error Reporting (WER) Vulnerability
CVE-2019-0863 vulnerability in Windows, disclosed on May 16, 2019
7.8
Microsoft Windows Common Log File System (CLFS) Driver Vulnerability
CVE-2019-1214 vulnerability in Windows, disclosed on September 11, 2019
7.8
Microsoft Win32k Escalation Kernel Vulnerability
CVE-2019-0859 vulnerability in Win32k, disclosed on April 9, 2019
7.8
Apple Multiple Products Use-After-Free Vulnerability
CVE-2019-8605 vulnerability in Multiple Products, disclosed on December 18, 2019
7.8
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
CVE-2019-1129 vulnerability in Windows, disclosed on July 15, 2019
7.8
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
CVE-2019-1315 vulnerability in Windows, disclosed on October 10, 2019
7.8
Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability
CVE-2019-1130 vulnerability in Windows, disclosed on July 15, 2019
7.8
Apple iOS Memory Corruption Vulnerability
CVE-2019-7287 vulnerability in iOS, disclosed on December 18, 2019
7.8
Microsoft Win32k.sys Driver Vulnerability
CVE-2019-0797 vulnerability in Win32k, disclosed on April 9, 2019
7.8
Microsoft Windows Privilege Escalation Vulnerability
CVE-2019-0543 vulnerability in Windows, disclosed on January 8, 2019
7.8
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
CVE-2019-1388 vulnerability in Windows, disclosed on November 12, 2019
7.8
Microsoft Windows Winsock (ws2ifsl.sys) Vulnerability
CVE-2019-1215 vulnerability in Windows, disclosed on September 11, 2019
7.8
Apple Multiple Products Memory Corruption Vulnerability
CVE-2019-7286 vulnerability in Multiple Products, disclosed on December 18, 2019
7.8
Microsoft Windows Privilege Escalation Vulnerability
CVE-2019-0880 vulnerability in Windows, disclosed on July 15, 2019
7.8
Apple Multiple Products Memory Corruption Vulnerability
CVE-2018-4344 vulnerability in Multiple Products, disclosed on April 3, 2019
7.8
Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability
CVE-2019-1385 vulnerability in Windows, disclosed on November 12, 2019
7.8
Apple macOS Use-After-Free Vulnerability
CVE-2019-8526 vulnerability in macOS, disclosed on December 18, 2019
7.5
Apache Solr 5.0.0-8.3.1 Remote Code Execution Vulnerability
CVE-2019-17558 vulnerability in Solr, disclosed on December 30, 2019
7.5
Cisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list)
CVE-2019-1653 vulnerability in RV320 and RV325 Routers, disclosed on January 24, 2019
7.5
SonicWall SMA100 9.0.0.3 and Earlier SQL Injection
CVE-2019-7481 vulnerability in SMA100, disclosed on December 17, 2019
7.5
TVT NVMS-1000 Directory Traversal
CVE-2019-20085 vulnerability in NVMS-1000, disclosed on December 30, 2019
7.5
Microsoft Internet Explorer Type Confusion Vulnerability
CVE-2019-0752 vulnerability in Internet Explorer, disclosed on April 9, 2019

Report Last Updated: July 5, 2025