CVEs from 2019

4,187 normalized CVEs published or assigned in this year.

Total: 4,187
Critical: 232
High: 332
Medium: 301
Low: 72
% Critical: 5.5%
% with KEV: 2.8%
% with exploit: 2.9%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1
CVE Severity CVSS Risk Published Description Impact
CVE-2019-19880 critical 9.5 multiple issues in chromium arch debian
CVE-2019-11712 critical 9.5 POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) a… arch debian
CVE-2019-17000 critical 9.5 An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URI… arch debian
CVE-2019-11728 critical 9.5 The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects F… arch debian
CVE-2019-18511 critical 9.5 multiple issues in thunderbird arch
CVE-2019-0215 critical 9.5 multiple issues in apache debian arch
CVE-2019-9799 critical 9.5 Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vuln… arch debian
CVE-2019-9805 critical 9.5 A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66. arch debian
CVE-2019-7733 critical 9.5 multiple issues in live-media arch
CVE-2019-13734 critical 9.5 Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch debian
CVE-2019-13745 critical 9.5 Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. arch debian
CVE-2019-5439 critical 9.5 arbitrary code execution in vlc arch debian
CVE-2019-12874 critical 9.5 arbitrary code execution in vlc arch debian
CVE-2019-0220 critical 9.5 multiple issues in apache debian arch suse
CVE-2019-5756 critical 9.5 multiple issues in chromium arch debian
CVE-2019-13736 critical 9.5 Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. arch debian
CVE-2019-13740 critical 9.5 Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. arch debian
CVE-2019-3829 critical 9.5 A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifi… arch suse debian
CVE-2019-17010 critical 9.5 Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.… arch suse debian
CVE-2019-9797 critical 9.5 Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a can… arch suse debian
CVE-2019-17008 critical 9.5 When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3,… arch suse debian
CVE-2019-13738 critical 9.5 Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. arch debian
CVE-2019-13732 critical 9.5 Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch debian
CVE-2019-13749 critical 9.5 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. arch debian
CVE-2019-13755 critical 9.5 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. arch debian
CVE-2019-13756 critical 9.5 Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. arch debian
CVE-2019-13726 critical 9.5 Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. arch debian
CVE-2019-13737 critical 9.5 Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML pag… arch debian
CVE-2019-13730 critical 9.5 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch debian
CVE-2019-18197 critical 9.5 4y ago multiple issues in chromium arch suse debian ruby
CVE-2019-5815 critical 9.5 4y ago multiple issues in chromium arch debian ruby
CVE-2019-14197 critical 9.1 9.1 7y ago An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. suse debian
CVE-2019-8506 low 4.0 4y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian
CVE-2019-7310 low 2.5 In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash… arch suse debian
CVE-2019-1543 low 2.5 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a vari… arch suse debian
CVE-2019-16167 low 2.5 sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. suse rockylinux debian
CVE-2019-5882 low 2.5 Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. arch debian
CVE-2019-7653 low 2.5 The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in th… arch debian
CVE-2019-7317 low 2.5 png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. arch suse debian
CVE-2019-20838 low 2.5 5y ago Low: pcre security update suse rockylinux debian
CVE-2019-17402 low 2.5 5y ago Low: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2019-2708 low 2.5 5y ago Low: libdb security update suse rockylinux
CVE-2019-14494 low 2.5 6y ago Low: poppler security update suse debian
CVE-2019-15165 low 2.5 6y ago Low: libpcap security, bug fix, and enhancement update suse debian
CVE-2019-1010305 low 2.5 6y ago Low: libmspack security and bug fix update suse debian rockylinux
CVE-2019-13045 low 2.5 6y ago Low: irssi security update arch debian rockylinux
CVE-2019-1010317 low 2.5 6y ago Low: wavpack security update rockylinux debian
CVE-2019-11498 low 2.5 6y ago Low: wavpack security update suse rockylinux debian
CVE-2019-1010319 low 2.5 6y ago Low: wavpack security update suse rockylinux debian
CVE-2019-1010315 low 2.5 6y ago Low: wavpack security update suse rockylinux debian
CVE-2019-19118 low 2.5 7y ago Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… arch debian python
CVE-2019-11070 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian
CVE-2019-11459 low 2.5 7y ago The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to u… debian suse rockylinux
CVE-2019-8587 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8594 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8535 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian
CVE-2019-8563 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian
CVE-2019-8666 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8676 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8686 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-6237 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian
CVE-2019-8679 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8687 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8689 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8524 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian
CVE-2019-12795 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update arch suse debian rockylinux
CVE-2019-8673 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8558 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian
CVE-2019-8571 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian
CVE-2019-8583 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8586 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8596 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8597 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8601 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8672 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8607 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8677 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8690 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8768 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8518 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian
CVE-2019-8551 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian
CVE-2019-8726 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8523 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian
CVE-2019-8681 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8544 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian
CVE-2019-8559 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian
CVE-2019-8671 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-3820 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update arch suse debian rockylinux
CVE-2019-6251 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update arch rockylinux debian
CVE-2019-8536 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian
CVE-2019-8595 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8584 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8609 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8611 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8735 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suse rockylinux debian almalinux
CVE-2019-8623 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8608 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8610 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8615 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux
CVE-2019-8619 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinux debian almalinux