CVEs from 2019
Total
4,212
critical
critical 232
high
high 331
medium
medium 302
low
low 72
% Critical
5.5%
% with KEV
2.8%
% with exploit
2.9%
Top products
- u-boot 20
- nsauditor 1
- crypto 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-11729 | critical | — | 9.5 | — | Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8… | |
| CVE-2019-17012 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2019-11697 | critical | — | 9.5 | — | If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for us… | |
| CVE-2019-11699 | critical | — | 9.5 | — | A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded… | |
| CVE-2019-11721 | critical | — | 9.5 | — | The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confus… | |
| CVE-2019-11716 | critical | — | 9.5 | — | Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depen… | |
| CVE-2019-11718 | critical | — | 9.5 | — | Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access … | |
| CVE-2019-11720 | critical | — | 9.5 | — | Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-si… | |
| CVE-2019-11723 | critical | — | 9.5 | — | A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across dif… | |
| CVE-2019-11725 | critical | — | 9.5 | — | When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not… | |
| CVE-2019-5805 | critical | — | 9.5 | — | Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2019-5808 | critical | — | 9.5 | — | Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-9806 | critical | — | 9.5 | — | A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) a… | |
| CVE-2019-5810 | critical | — | 9.5 | — | Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2019-5811 | critical | — | 9.5 | — | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |
| CVE-2019-17001 | critical | — | 9.5 | — | A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-… | |
| CVE-2019-9808 | critical | — | 9.5 | — | If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the… | |
| CVE-2019-11765 | critical | — | 9.5 | — | A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process… | |
| CVE-2019-11757 | critical | — | 9.5 | — | When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitabl… | |
| CVE-2019-11764 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2019-17002 | critical | — | 9.5 | — | If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < … | |
| CVE-2019-5829 | critical | — | 9.5 | — | Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2019-5828 | critical | — | 9.5 | — | Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2019-17013 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2019-5822 | critical | — | 9.5 | — | Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |
| CVE-2019-5781 | critical | — | 9.5 | — | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |
| CVE-2019-17014 | critical | — | 9.5 | — | If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects… | |
| CVE-2019-17020 | critical | — | 9.5 | — | If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL … | |
| CVE-2019-17025 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2019-18197 | critical | — | 9.5 | 4y ago | Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability | |
| CVE-2019-5815 | critical | — | 9.5 | 4y ago | Nokogiri implementation of libxslt vulnerable to heap corruption | |
| CVE-2019-14197 | critical | 9.1 | 9.1 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. | |
| CVE-2019-8506 | low | — | 4.0 | 4y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-7317 | low | — | 2.5 | — | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |
| CVE-2019-5882 | low | — | 2.5 | — | Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. | |
| CVE-2019-7310 | low | — | 2.5 | — | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash… | |
| CVE-2019-1543 | low | — | 2.5 | — | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a vari… | |
| CVE-2019-7653 | low | — | 2.5 | — | The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in th… | |
| CVE-2019-16167 | low | — | 2.5 | — | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | |
| CVE-2019-20838 | low | — | 2.5 | 5y ago | Low: pcre security update | |
| CVE-2019-17402 | low | — | 2.5 | 5y ago | Low: exiv2 security, bug fix, and enhancement update | |
| CVE-2019-2708 | low | — | 2.5 | 5y ago | Low: libdb security update | |
| CVE-2019-14494 | low | — | 2.5 | 6y ago | Low: poppler security update | |
| CVE-2019-15165 | low | — | 2.5 | 6y ago | Low: libpcap security, bug fix, and enhancement update | |
| CVE-2019-1010305 | low | — | 2.5 | 6y ago | Low: libmspack security and bug fix update | |
| CVE-2019-13045 | low | — | 2.5 | 6y ago | Low: irssi security update | |
| CVE-2019-1010319 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-1010317 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-11498 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-1010315 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-19118 | low | — | 2.5 | 7y ago | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… | |
| CVE-2019-6251 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8558 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8524 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8735 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8611 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8673 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8609 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8584 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8595 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8607 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8672 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8677 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8690 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8768 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8518 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8726 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8523 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8551 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8587 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8594 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8544 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8679 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8586 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8596 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8597 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8601 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-11070 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8608 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8535 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8563 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8536 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8622 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8619 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8615 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-11459 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-6237 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8681 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8623 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8689 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8571 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8610 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8671 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-12795 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-3820 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8687 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8583 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8666 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8676 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8559 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update |