VIR Vulnerability Intelligence Relay

CVEs from 2019

4,015 normalized CVEs published or assigned in this year.

Total
4,015
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
5.8%
% with KEV
2.9%
% with exploit
3.0%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-8912 critical 9.5 In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. archsusedebian
CVE-2019-9790 critical 9.5 A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially e… archsusedebian
CVE-2019-9788 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we pres… archsusedebian
CVE-2019-11696 critical 9.5 Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local sys… archsusedebian
CVE-2019-11695 critical 9.5 A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be … archsusedebian
CVE-2019-7222 critical 9.5 The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. archsusedebian
CVE-2019-9811 critical 9.5 As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This v… archsusedebian
CVE-2019-11701 critical 9.5 The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this is… archsusedebian
CVE-2019-11710 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… archsusedebian
CVE-2019-17005 critical 9.5 The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a poten… archsusedebian
CVE-2019-3836 critical 9.5 It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. archsusedebian
CVE-2019-9817 critical 9.5 Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerabi… archsusedebian
CVE-2019-3855 critical 9.5 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server … archsusedebian
CVE-2019-3856 critical 9.5 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH se… archsusedebian
CVE-2019-11717 critical 9.5 A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vuln… archsusedebian
CVE-2019-17666 critical 9.5 rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. archsusedebian
CVE-2019-11745 critical 9.5 When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and… archsusedebian
CVE-2019-17009 critical 9.5 When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the up… archsusedebian
CVE-2019-3813 critical 9.5 Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-executi… archsusedebian
CVE-2019-3860 critical 9.5 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial … archsusedebian
CVE-2019-6974 critical 9.5 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. archsusedebian
CVE-2019-9816 critical 9.5 A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vu… archsusedebian
CVE-2019-11693 critical 9.5 The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploita… archsusedebian
CVE-2019-11500 critical 9.5 In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead … archsusedebian
CVE-2019-9810 critical 9.5 Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR… archsusedebian
CVE-2019-3859 critical 9.5 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to … archsusedebian
CVE-2019-3861 critical 9.5 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH… archsusedebian
CVE-2019-11719 critical 9.5 When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to inf… archsusedebian
CVE-2019-9791 critical 9.5 The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the con… archsusedebian
CVE-2019-18197 critical 9.5 4y ago multiple issues in chromium archsusedebianruby
CVE-2019-5815 critical 9.5 4y ago multiple issues in chromium archdebianruby
CVE-2019-14197 critical 9.1 9.1 7y ago An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. susedebian
CVE-2019-8506 low 4.0 4y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-7310 low 2.5 In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash… archsusedebian
CVE-2019-7653 low 2.5 The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in th… archdebian
CVE-2019-5882 low 2.5 Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. archdebian
CVE-2019-1543 low 2.5 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a vari… archsusedebian
CVE-2019-7317 low 2.5 png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. archsusedebian
CVE-2019-16167 low 2.5 sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. suserockylinuxdebian
CVE-2019-20838 low 2.5 5y ago Low: pcre security update suserockylinuxdebian
CVE-2019-17402 low 2.5 5y ago Low: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-2708 low 2.5 5y ago Low: libdb security update suserockylinux
CVE-2019-14494 low 2.5 6y ago Low: poppler security update susedebian
CVE-2019-15165 low 2.5 6y ago Low: libpcap security, bug fix, and enhancement update susedebian
CVE-2019-1010305 low 2.5 6y ago Low: libmspack security and bug fix update susedebianrockylinux
CVE-2019-13045 low 2.5 6y ago Low: irssi security update archdebianrockylinux
CVE-2019-1010315 low 2.5 6y ago Low: wavpack security update suserockylinuxdebian
CVE-2019-1010317 low 2.5 6y ago Low: wavpack security update rockylinuxdebian
CVE-2019-11498 low 2.5 6y ago Low: wavpack security update suserockylinuxdebian
CVE-2019-1010319 low 2.5 6y ago Low: wavpack security update suserockylinuxdebian
CVE-2019-19118 low 2.5 7y ago Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… archdebianpython
CVE-2019-11070 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8536 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8735 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-6237 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-8686 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8676 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8666 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8563 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8535 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8689 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-6251 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update archrockylinuxdebian
CVE-2019-8524 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-12795 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-3820 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-8673 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8672 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8558 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-8677 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8571 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-8583 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8586 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8596 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8597 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8601 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8671 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8607 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8690 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8768 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8551 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8544 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8518 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8726 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8523 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8681 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8559 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-11459 low 2.5 7y ago The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to u… debiansuserockylinux
CVE-2019-8594 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8587 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8595 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8584 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8609 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8611 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8623 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8608 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8610 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8615 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8619 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8622 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8679 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux