118 CVEs published in 2019. 118 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
118 fix guides from 2019 ⚠ 118 actively exploited (CISA KEV)
CVE-2019-0344 - Remote Code Execution in SAP Commerce Cloud (virtualjdbc extension). Runnable patch commands and verification on this page.
CVE-2019-0604 is a remote code execution in Microsoft SharePoint Server. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-0708 is a remote code execution in Microsoft Windows. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-1003029: CWE-noinfo Not enough information in Jenkins Script Security Plugin. Runnable fix commands and patched builds.
CVE-2019-1003030: Protection Mechanism Failure in Jenkins Matrix Project Plugin. Runnable fix commands and patched builds.
CVE-2019-10068 is an Insecure Deserialization flaw in Kentico Xperience. Actively exploited per CISA KEV. Verified patched builds and runnabl
CVE-2019-10149 is an OS command injection in exim. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-10758 is a code injection in mongo-express. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-11510 is a n/a in the vendor n/a. CVSS 9.9 Critical. Patch commands, mitigations, and verification.
CVE-2019-11580 is a security vulnerability in Crowd. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-11581: Improper Neutralization of Special Elements in Output Used by a Downstream Component in Atlassian Jira Server and Data Cente
CVE-2019-11634 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-11708: Improper Input Validation in Mozilla Firefox and Thunderbird. Runnable fix commands and patched builds.
CVE-2019-12989 is a SQL Injection flaw in Citrix SD-WAN and NetScaler. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2019-15107 is an OS Command Injection flaw in Webmin. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2019-16057: OS Command Injection in D-Link DNS-320 Storage Device. Runnable fix commands and patched builds.
CVE-2019-16256 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-16278 - Remote Code Execution in nhttpd. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2019-16759 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-16920: OS Command Injection in D-Link Multiple Routers. Runnable fix commands and patched builds.
CVE-2019-16928 is an out-of-bounds write in Exim. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-17621 improper neutralization of special elements used in an os command ('os command i in Dir-859 Router. Runnable upgrade commands
CVE-2019-18935 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-19006 - Security Vulnerability in FreePBX. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2019-19781 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-3396 is a path traversal in Confluence Server. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-3568: Heap Buffer Overflow in Meta Platforms WhatsApp. Runnable fix commands and patched builds.
CVE-2019-3929: Cross-Site Scripting in Crestron Multiple Products. Runnable fix commands and patched builds.
CVE-2019-4716 is a gain access in IBM Planning Analytics. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2019-5544 is a heap overwrite in the vendor ESXi and Horizon DaaS. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-7192 incorrect authorization in QNAP NAS Devices Running Photo Station. Runnable upgrade commands and verification steps for sysadm
CVE-2019-7193 is an improper input validation in QNAP NAS Devices. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2019-7194 improper limitation of a pathname to a restricted directory ('path traversal') in QNAP NAS Devices Running Photo Station. Runn
CVE-2019-7195 improper limitation of a pathname to a restricted directory ('path traversal') in QNAP NAS Devices Running Photo Station. Runn
CVE-2019-7238 is a security vulnerability in Sonatype Nexus. This page lists verified fix commands and short-term mitigations you can run to
CVE-2019-7256 improper neutralization of special elements used in an os command ('os command i in Linear Emerge Essential Firmware. Runnable
CVE-2019-7609 is a code injection in Kibana. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-9670 is an XML external entity injection in Synacor Zimbra. This page lists verified fix commands and short-term mitigations you can
CVE-2019-9874 - Insecure Deserialization in CMS and Experience Platform (XP). Runnable patch commands and verification on this page.
CVE-2019-0193 is a code injection in Apache Solr. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-0211 is a use-after-free in Apache HTTP Server. This page lists verified fix commands and short-term mitigations you can run today
CVE-2019-0541 is a remote code execution in Microsoft Office. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2019-0543 is an Improper Authentication flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2019-0752 is an access of resource using incompatible type in Internet Explorer 10. This page lists verified fix commands and short-term
CVE-2019-0797 is an elevation of privilege in Microsoft Windows Server. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0803 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0808 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0841: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-0859 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0863 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0880 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2019-0903: Remote Code Execution in Microsoft Graphics Device Interface (GDI). Runnable fix commands and patched builds.
CVE-2019-1064: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1069: Improper Link Resolution Before File Access in Microsoft Task Scheduler. Runnable fix commands and patched builds.
CVE-2019-11001 - Command Injection in Multiple IP Cameras. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2019-11043: Buffer Overflow in PHP FastCGI Process Manager (FPM). Runnable fix commands and patched builds.
CVE-2019-1129: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1130: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1132 is an Elevation of Privilege flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2019-11539 is a n/a in the vendor n/a. CVSS 8 High. Patch commands, mitigations, and verification.
CVE-2019-11707: Type Confusion in Mozilla Firefox and Thunderbird. Runnable fix commands and patched builds.
CVE-2019-1214 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-1215 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-1253: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1297 is a security vulnerability in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run
CVE-2019-12991: OS Command Injection in Citrix SD-WAN and NetScaler. Runnable fix commands and patched builds.
CVE-2019-1315: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1322 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2019-13272 is a security vulnerability in Linux kernel. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2019-13608 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-1367 is a remote code execution in Microsoft Internet Explorer 9. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-13720 is a Use-After-Free flaw in Google Chrome WebAudio. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2019-1385: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1388 is an improper privilege management in Windows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2019-1405: Improper Privilege Management in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1429 is a remote code execution in Microsoft Internet Explorer 9. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-1458 is a security vulnerability in Microsoft Windows Server. This page lists verified fix commands and short-term mitigations you
CVE-2019-15271 security vulnerability in Cisco Small Business Rv Series Router Firmware. Runnable upgrade commands and verification steps fo
CVE-2019-15752 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-1579 is a use of externally-controlled format string in Palo Alto Networks GlobalProtect Portal/Gateway Interface. This page lists
CVE-2019-15949 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2019-1652 is an improper input validation in Cisco Small Business RV Series Router Firmware. This page lists verified fix commands and s
CVE-2019-1653 is an improper access control in Cisco Small Business RV Series Router Firmware. CVSS 7.5 High. Patch commands, mitigations, an
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement in Firefox ESR. Patch commands and verification.
CVE-2019-17558 is a neutralization of special elements in output in Apache Solr. This page lists verified fix commands and short-term mitiga
CVE-2019-18187 is an arbitrary file upload with directory traversal in Trend Micro OfficeScan. CVSS 8.8 High. Patch commands, mitigations, an
CVE-2019-18426: Cross-Site Scripting in Meta Platforms WhatsApp. Runnable fix commands and patched builds.
CVE-2019-18988 is a n/a in the vendor n/a. CVSS 7 High. Patch commands, mitigations, and verification.
CVE-2019-19356 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-20085 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-20500 improper neutralization of special elements used in an os command ('os command i in Dwl-2600Ap Access Point. Runnable upgrade
CVE-2019-2215 is a use-after-free in Android. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-2616: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher in O
CVE-2019-2725 is a security vulnerability in Tape Library ACSLS. This page lists verified fix commands and short-term mitigations you can ru
CVE-2019-3010 is a security vulnerability in Solaris Operating System. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2019-3398 is a path traversal in Confluence. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-5418 - Path Traversal in https://github.com/rails/rails. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2019-6223 is a security vulnerability in Apple macOS. This page lists verified fix commands and short-term mitigations you can run today
CVE-2019-6340 is an Insecure Deserialization flaw in Drupal Core. Actively exploited per CISA KEV. Verified patched builds and runnable fix c
CVE-2019-7286 is an Out-of-Bounds Write flaw in Apple Multiple Products. Actively exploited per CISA KEV. Verified patched builds and runnabl
CVE-2019-7287 is an Out-of-Bounds Write flaw in Apple iOS. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands
CVE-2019-7481: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SMA100. Patch commands and ve
CVE-2019-7483 is a Path Traversal flaw in SonicWall SMA100. Actively exploited per CISA KEV. Verified patched builds and runnable fix comman
CVE-2019-8394 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-8506 is a Type Confusion flaw in Apple Multiple Products. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2019-8526 is a use after free in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2019-8605 is a use after free in iOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2019-8720 is a Memory Corruption flaw in WebKitGTK. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2019-9082 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2019-9621 - Server-Side Request Forgery in Zimbra Collaboration Suite (ZCS). Runnable patch commands and verification on this page.
CVE-2019-9875 - Insecure Deserialization in CMS and Experience Platform (XP). Runnable patch commands and verification on this page.
CVE-2019-0676: Information Disclosure in Microsoft Internet Explorer. Runnable fix commands and patched builds.
CVE-2019-0703 is an Information Disclosure flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2019-5591 is an information disclosure in Fortinet FortiOS. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2019-5786 is a Use-After-Free flaw in Google Chrome Blink. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2019-5825 is an out-of-bounds write in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2019-6693 - Security Vulnerability in FortiGate. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2019-9978 is a n/a in the vendor n/a. CVSS 6.1 Medium. Patch commands, mitigations, and verification.