CVEs from 2019
- Total: 3,250
- Critical: 232
- High: 341
- Medium: 309
- Low: 71
- % Critical: 7.1%
- % with KEV: 3.6%
- % with exploit: 4.4%
Top products
- u-boot 20
- active_iq_unified_manager 7
- jdk 5
- weblogic_server 5
- oncommand_workflow_automation 5
- oncommand_insight 4
- codeready_linux_builder_eus 4
- libxslt 4
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-5852 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-1000020 | high | — | 8.0 | — | libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660… | |||
| CVE-2019-13697 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-1348 | high | — | 8.0 | — | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also vi… | |||
| CVE-2019-13716 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11746 | high | — | 8.0 | — | A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox… | |||
| CVE-2019-5847 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11477 | high | — | 8.0 | — | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker c… | |||
| CVE-2019-11737 | high | — | 8.0 | — | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly … | |||
| CVE-2019-13713 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5800 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11479 | high | — | 8.0 | — | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. … | |||
| CVE-2019-11744 | high | — | 8.0 | — | Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these… | |||
| CVE-2019-5794 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-14812 | high | — | 8.0 | — | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions… | |||
| CVE-2019-5793 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-2201 | high | — | 8.0 | — | In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged proces… | |||
| CVE-2019-5789 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-14811 | high | — | 8.0 | — | A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restriction… | |||
| CVE-2019-15903 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5851 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5854 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-14868 | high | — | 8.0 | — | In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell comman… | |||
| CVE-2019-3814 | high | — | 8.0 | — | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could … | |||
| CVE-2019-13704 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-14817 | high | — | 8.0 | — | A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrict… | |||
| CVE-2019-0117 | high | — | 8.0 | — | multiple issues in intel-ucode | |||
| CVE-2019-11705 | high | — | 8.0 | — | A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vu… | |||
| CVE-2019-9849 | high | — | 8.0 | — | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who w… | |||
| CVE-2019-25016 | high | — | 8.0 | — | In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed t… | |||
| CVE-2019-13703 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5855 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-9893 | high | — | 8.0 | — | libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and poten… | |||
| CVE-2019-5862 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-18182 | high | — | 8.0 | — | arbitrary command execution in pacman | |||
| CVE-2019-5795 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-18183 | high | — | 8.0 | — | arbitrary command execution in pacman | |||
| CVE-2019-13707 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11683 | high | — | 8.0 | — | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have un… | |||
| CVE-2019-14318 | high | — | 8.0 | — | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing opera… | |||
| CVE-2019-20503 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13715 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5861 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-8905 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | |||
| CVE-2019-13694 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5860 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13696 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-0053 | high | — | 8.0 | — | Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS… | |||
| CVE-2019-3823 | high | — | 8.0 | — | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL termi… | |||
| CVE-2019-5803 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11478 | high | — | 8.0 | — | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences… | |||
| CVE-2019-5798 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-19882 | high | — | 8.0 | — | shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affe… | |||
| CVE-2019-11738 | high | — | 8.0 | — | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for mal… | |||
| CVE-2019-8337 | high | — | 8.0 | — | In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | |||
| CVE-2019-11734 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… | |||
| CVE-2019-5858 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11139 | high | — | 8.0 | — | Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | |||
| CVE-2019-13702 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5802 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-1000019 | high | — | 8.0 | — | libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_fo… | |||
| CVE-2019-11706 | high | — | 8.0 | — | A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affect… | |||
| CVE-2019-1353 | high | — | 8.0 | — | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known… | |||
| CVE-2019-13708 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5857 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5436 | high | — | 8.0 | — | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |||
| CVE-2019-5799 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5791 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13719 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-8376 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay… | |||
| CVE-2019-8343 | high | — | 8.0 | — | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | |||
| CVE-2019-12749 | high | — | 8.0 | — | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofi… | |||
| CVE-2019-14813 | high | — | 8.0 | — | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A… | |||
| CVE-2019-10181 | high | — | 8.0 | — | It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw t… | |||
| CVE-2019-11747 | high | — | 8.0 | — | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security … | |||
| CVE-2019-19450 | high | — | 8.0 | 3y ago | Important: python-reportlab security update | |||
| CVE-2019-18466 | high | — | 8.0 | 4y ago | Important: container-tools:rhel8 security and bug fix update | |||
| CVE-2019-9512 | high | — | 8.0 | 4y ago | Important: container-tools:rhel8 security and bug fix update | |||
| CVE-2019-9514 | high | — | 8.0 | 4y ago | Important: nodejs:10 security update | |||
| CVE-2019-10354 | high | — | 8.0 | 4y ago | Missing Authorization in Jenkins | |||
| CVE-2019-10352 | high | — | 8.0 | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2019-10353 | high | — | 8.0 | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2019-16276 | high | — | 8.0 | 4y ago | Request smuggling due to accepting invalid headers in net/http via net/textproto | |||
| CVE-2019-2435 | high | — | 8.0 | 4y ago | Improper Access Control in MySQL Connector Python | |||
| CVE-2019-5885 | high | — | 8.0 | 4y ago | Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers … | |||
| CVE-2019-16884 | high | — | 8.0 | 4y ago | Important: container-tools:rhel8 security and bug fix update | |||
| CVE-2019-10214 | high | — | 8.0 | 4y ago | Important: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2019-18811 | high | — | 8.0 | 5y ago | A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering s… | |||
| CVE-2019-19528 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. | |||
| CVE-2019-19523 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | |||
| CVE-2019-2938 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2019-2974 | high | — | 8.0 | 6y ago | Important: mariadb:10.3 security, bug fix, and enhancement update | |||
| CVE-2019-15890 | high | — | 8.0 | 6y ago | Important: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2019-2997 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2019-3004 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2019-2993 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2019-2911 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2019-3018 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2019-2946 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |||
| CVE-2019-2982 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update |