VIR Vulnerability Intelligence Relay

CVEs from 2019

4,187 normalized CVEs published or assigned in this year.

Total
4,187
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
5.5%
% with KEV
2.8%
% with exploit
2.9%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-13707 high 8.0 multiple issues in chromium archdebian
CVE-2019-13703 high 8.0 multiple issues in chromium archdebian
CVE-2019-5796 high 8.0 multiple issues in chromium archdebian
CVE-2019-5794 high 8.0 multiple issues in chromium archdebian
CVE-2019-13716 high 8.0 multiple issues in chromium archdebian
CVE-2019-13715 high 8.0 multiple issues in chromium archdebian
CVE-2019-13713 high 8.0 multiple issues in chromium archdebian
CVE-2019-13710 high 8.0 multiple issues in chromium archdebian
CVE-2019-13704 high 8.0 multiple issues in chromium archdebian
CVE-2019-13697 high 8.0 multiple issues in chromium archdebian
CVE-2019-5862 high 8.0 multiple issues in chromium archdebian
CVE-2019-5858 high 8.0 multiple issues in chromium archdebian
CVE-2019-5857 high 8.0 multiple issues in chromium archdebian
CVE-2019-5861 high 8.0 multiple issues in chromium archdebian
CVE-2019-5859 high 8.0 multiple issues in chromium archdebian
CVE-2019-5854 high 8.0 multiple issues in chromium archdebian
CVE-2019-5852 high 8.0 multiple issues in chromium archdebian
CVE-2019-5851 high 8.0 multiple issues in chromium archdebian
CVE-2019-5795 high 8.0 multiple issues in chromium archdebian
CVE-2019-5860 high 8.0 multiple issues in chromium archdebian
CVE-2019-5798 high 8.0 multiple issues in chromium archdebian
CVE-2019-5850 high 8.0 multiple issues in chromium archdebian
CVE-2019-5800 high 8.0 multiple issues in chromium archdebian
CVE-2019-5793 high 8.0 multiple issues in chromium archdebian
CVE-2019-5802 high 8.0 multiple issues in chromium archdebian
CVE-2019-5799 high 8.0 multiple issues in chromium archdebian
CVE-2019-5789 high 8.0 multiple issues in chromium archdebian
CVE-2019-25016 high 8.0 In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed t… archdebian
CVE-2019-18222 high 8.0 The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to reco… archdebian
CVE-2019-8337 high 8.0 In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. archdebian
CVE-2019-6956 high 8.0 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. archdebian
CVE-2019-8943 high 8.0 WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two … archdebian
CVE-2019-8376 high 8.0 An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay… archdebian
CVE-2019-8381 high 8.0 An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an… archdebian
CVE-2019-11703 high 8.0 A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnera… archsusedebian
CVE-2019-12749 high 8.0 dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofi… archsusedebian
CVE-2019-14813 high 8.0 A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A… archsusedebian
CVE-2019-8377 high 8.0 An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcprep… archdebian
CVE-2019-14318 high 8.0 Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing opera… archdebian
CVE-2019-5489 high 8.0 The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allow… archsusedebian
CVE-2019-13709 high 8.0 multiple issues in chromium archdebian
CVE-2019-13711 high 8.0 multiple issues in chromium archdebian
CVE-2019-13718 high 8.0 multiple issues in chromium archdebian
CVE-2019-5853 high 8.0 multiple issues in chromium archdebian
CVE-2019-9848 high 8.0 LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLo… archsusedebian
CVE-2019-1349 high 8.0 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… archdebian
CVE-2019-1352 high 8.0 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… archdebian
CVE-2019-1387 high 8.0 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that… archdebian
CVE-2019-11461 high 8.0 An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI … archsusedebian
CVE-2019-14868 high 8.0 In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell comman… archsusedebian
CVE-2019-5788 high 8.0 multiple issues in chromium archdebian
CVE-2019-11742 high 8.0 A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied … archsusedebian
CVE-2019-15717 high 8.0 Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. archdebian
CVE-2019-5856 high 8.0 multiple issues in chromium archdebian
CVE-2019-6116 high 8.0 In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. archsusedebian
CVE-2019-10182 high 8.0 It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application … archsusedebian
CVE-2019-10185 high 8.0 It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary… archsusedebian
CVE-2019-14869 high 8.0 A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restricti… archsusedebian
CVE-2019-14817 high 8.0 A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrict… archsusedebian
CVE-2019-19977 high 8.0 libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. archsusedebian
CVE-2019-9278 high 8.0 In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges… archsusedebian
CVE-2019-11477 high 8.0 Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker c… archsusedebian
CVE-2019-2201 high 8.0 In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged proces… archsusedebian
CVE-2019-7524 high 8.0 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing c… archsusedebian
CVE-2019-11750 high 8.0 A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. archsusedebian
CVE-2019-3835 high 8.0 It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have ac… archsusedebian
CVE-2019-11735 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough … archsusedebian
CVE-2019-11748 high 8.0 WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in … archsusedebian
CVE-2019-5785 high 8.0 Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. archsusedebian
CVE-2019-5436 high 8.0 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. archsusedebian
CVE-2019-9812 high 8.0 Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a maliciou… archsusedebian
CVE-2019-8904 high 8.0 do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. archsusedebian
CVE-2019-8905 high 8.0 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. archsusedebian
CVE-2019-19450 high 8.0 3y ago Important: python-reportlab security update susedebianpython
CVE-2019-18466 high 8.0 4y ago Important: container-tools:rhel8 security and bug fix update susedebianrockylinuxgolang
CVE-2019-9512 high 8.0 4y ago Important: container-tools:rhel8 security and bug fix update archsusedebianrockylinux+1
CVE-2019-9514 high 8.0 4y ago Important: nodejs:10 security update archsusedebianrockylinux+1
CVE-2019-10352 high 8.0 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins archjava
CVE-2019-10353 high 8.0 4y ago Cross-Site Request Forgery in Jenkins archjava
CVE-2019-10354 high 8.0 4y ago Missing Authorization in Jenkins archjava
CVE-2019-16276 high 8.0 4y ago Request smuggling due to accepting invalid headers in net/http via net/textproto archsusegolang
CVE-2019-2435 high 8.0 4y ago Improper Access Control in MySQL Connector Python archsusedebianpython
CVE-2019-5885 high 8.0 4y ago Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers … archdebianpython
CVE-2019-16884 high 8.0 4y ago Important: container-tools:rhel8 security and bug fix update susedebianrockylinuxgolang
CVE-2019-10214 high 8.0 4y ago Important: container-tools:rhel8 security, bug fix, and enhancement update susedebianrockylinuxgolang
CVE-2019-18811 high 8.0 5y ago Important: kernel security, bug fix, and enhancement update susedebian
CVE-2019-19523 high 8.0 5y ago Important: kernel security, bug fix, and enhancement update susedebian
CVE-2019-19528 high 8.0 5y ago Important: kernel security, bug fix, and enhancement update susedebian
CVE-2019-2974 high 8.0 6y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2938 high 8.0 6y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-15890 high 8.0 6y ago Important: container-tools:rhel8 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-2967 high 8.0 6y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2914 high 8.0 6y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2998 high 8.0 6y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-3011 high 8.0 6y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-3018 high 8.0 6y ago Important: mysql:8.0 security update suserockylinuxalmalinux
CVE-2019-2997 high 8.0 6y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2960 high 8.0 6y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-2946 high 8.0 6y ago Important: mysql:8.0 security update suserockylinux
CVE-2019-3004 high 8.0 6y ago Important: mysql:8.0 security update suserockylinux