CVEs from 2019
Total
4,015
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
5.8%
% with KEV
2.9%
% with exploit
3.0%
Top products
- u-boot 20
- nsauditor 1
- crypto 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-5861 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-5867 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2019-12881 | high | — | 8.0 | — | i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) o… | |
| CVE-2019-6956 | high | — | 8.0 | — | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. | |
| CVE-2019-6474 | high | — | 8.0 | — | A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leas… | |
| CVE-2019-8376 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay… | |
| CVE-2019-8381 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an… | |
| CVE-2019-6473 | high | — | 8.0 | — | An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0… | |
| CVE-2019-5854 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-10192 | high | — | 8.0 | — | A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using … | |
| CVE-2019-10193 | high | — | 8.0 | — | A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRA… | |
| CVE-2019-11703 | high | — | 8.0 | — | A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnera… | |
| CVE-2019-5796 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-13695 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-5851 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-1350 | high | — | 8.0 | — | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… | |
| CVE-2019-3814 | high | — | 8.0 | — | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could … | |
| CVE-2019-12749 | high | — | 8.0 | — | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofi… | |
| CVE-2019-5795 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-14813 | high | — | 8.0 | — | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A… | |
| CVE-2019-5794 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-11735 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough … | |
| CVE-2019-5860 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-8377 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcprep… | |
| CVE-2019-11748 | high | — | 8.0 | — | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in … | |
| CVE-2019-6116 | high | — | 8.0 | — | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | |
| CVE-2019-5850 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-13696 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-5791 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-13716 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-5800 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-9686 | high | — | 8.0 | — | arbitrary code execution in pacman | |
| CVE-2019-13701 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-14318 | high | — | 8.0 | — | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing opera… | |
| CVE-2019-5798 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-11741 | high | — | 8.0 | — | A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org a… | |
| CVE-2019-13715 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-5868 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2019-0117 | high | — | 8.0 | — | multiple issues in intel-ucode | |
| CVE-2019-19604 | high | — | 8.0 | — | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can… | |
| CVE-2019-1351 | high | — | 8.0 | — | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | |
| CVE-2019-11737 | high | — | 8.0 | — | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly … | |
| CVE-2019-18182 | high | — | 8.0 | — | arbitrary command execution in pacman | |
| CVE-2019-18183 | high | — | 8.0 | — | arbitrary command execution in pacman | |
| CVE-2019-13713 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-5489 | high | — | 8.0 | — | The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allow… | |
| CVE-2019-8905 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | |
| CVE-2019-13709 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-13711 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-1353 | high | — | 8.0 | — | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known… | |
| CVE-2019-13718 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-6109 | high | — | 8.0 | — | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the… | |
| CVE-2019-13710 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-11139 | high | — | 8.0 | — | Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | |
| CVE-2019-5788 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-13714 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-1348 | high | — | 8.0 | — | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also vi… | |
| CVE-2019-9848 | high | — | 8.0 | — | LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLo… | |
| CVE-2019-1349 | high | — | 8.0 | — | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… | |
| CVE-2019-1352 | high | — | 8.0 | — | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… | |
| CVE-2019-1387 | high | — | 8.0 | — | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that… | |
| CVE-2019-8943 | high | — | 8.0 | — | WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two … | |
| CVE-2019-13704 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-13702 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-13699 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-8343 | high | — | 8.0 | — | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | |
| CVE-2019-11461 | high | — | 8.0 | — | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI … | |
| CVE-2019-25016 | high | — | 8.0 | — | In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed t… | |
| CVE-2019-13697 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2019-14868 | high | — | 8.0 | — | In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell comman… | |
| CVE-2019-1000020 | high | — | 8.0 | — | libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660… | |
| CVE-2019-18222 | high | — | 8.0 | — | The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to reco… | |
| CVE-2019-11743 | high | — | 8.0 | — | Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to … | |
| CVE-2019-19450 | high | — | 8.0 | 3y ago | Important: python-reportlab security update | |
| CVE-2019-18466 | high | — | 8.0 | 4y ago | Important: container-tools:rhel8 security and bug fix update | |
| CVE-2019-9514 | high | — | 8.0 | 4y ago | Important: nodejs:10 security update | |
| CVE-2019-9512 | high | — | 8.0 | 4y ago | Important: container-tools:rhel8 security and bug fix update | |
| CVE-2019-10354 | high | — | 8.0 | 4y ago | Missing Authorization in Jenkins | |
| CVE-2019-10352 | high | — | 8.0 | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |
| CVE-2019-10353 | high | — | 8.0 | 4y ago | Cross-Site Request Forgery in Jenkins | |
| CVE-2019-16276 | high | — | 8.0 | 4y ago | Request smuggling due to accepting invalid headers in net/http via net/textproto | |
| CVE-2019-2435 | high | — | 8.0 | 4y ago | Improper Access Control in MySQL Connector Python | |
| CVE-2019-5885 | high | — | 8.0 | 4y ago | Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers … | |
| CVE-2019-16884 | high | — | 8.0 | 4y ago | Important: container-tools:rhel8 security and bug fix update | |
| CVE-2019-10214 | high | — | 8.0 | 4y ago | Important: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2019-19523 | high | — | 8.0 | 5y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2019-19528 | high | — | 8.0 | 5y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2019-18811 | high | — | 8.0 | 5y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2019-2938 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-2974 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-15890 | high | — | 8.0 | 6y ago | Important: container-tools:rhel8 security, bug fix, and enhancement update | |
| CVE-2019-3004 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-3011 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-2967 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-2993 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-2911 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-2914 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-3009 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-2968 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update | |
| CVE-2019-2982 | high | — | 8.0 | 6y ago | Important: mysql:8.0 security update |