VIR Vulnerability Intelligence Relay

CVEs from 2019

3,413 normalized CVEs published or assigned in this year.

Total
3,413
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-18809 medium 5.5 6y ago A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka C… susedebian
CVE-2019-18808 medium 5.5 6y ago A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429… susedebian
CVE-2019-20054 medium 5.5 6y ago In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. susedebianalmalinux
CVE-2019-9458 medium 5.5 6y ago In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User inte… susedebianalmalinux
CVE-2019-9455 medium 5.5 6y ago In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User inte… susedebianalmalinux
CVE-2019-19056 medium 5.5 6y ago A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory c… susedebian
CVE-2019-20636 medium 5.5 6y ago In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. susedebianalmalinux
CVE-2019-19770 medium 5.5 6y ago In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created … susedebianalmalinux
CVE-2019-16231 medium 5.5 6y ago drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. susedebian
CVE-2019-16233 medium 5.5 6y ago drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. susedebian
CVE-2019-19332 medium 5.5 6y ago An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get … susedebian
CVE-2019-19767 medium 5.5 6y ago The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext… susedebianalmalinux
CVE-2019-19543 medium 5.5 6y ago In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. susedebianalmalinux
CVE-2019-19537 medium 5.5 6y ago In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/… susedebianalmalinux
CVE-2019-19447 medium 5.5 6y ago In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orp… susedebian
CVE-2019-19524 medium 5.5 6y ago In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. susedebian
CVE-2019-12614 medium 5.5 6y ago An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attac… susedebian
CVE-2019-19533 medium 5.5 6y ago In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. susedebian
CVE-2019-19602 medium 5.5 6y ago fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or … susedebianalmalinux
CVE-2019-19063 medium 5.5 6y ago Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), ak… susedebian
CVE-2019-19062 medium 5.5 6y ago A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_r… susedebian
CVE-2019-19072 medium 5.5 6y ago A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96… susedebian
CVE-2019-15917 medium 5.5 6y ago An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. susedebian
CVE-2019-19068 medium 5.5 6y ago A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memo… susedebian
CVE-2019-19319 medium 5.5 6y ago In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/x… susedebian
CVE-2019-11041 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-11048 medium 5.5 6y ago Moderate: php:7.3 security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-11040 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-11042 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-11050 medium 5.5 6y ago Moderate: php:7.3 security, bug fix, and enhancement update suserockylinux
CVE-2019-11045 medium 5.5 6y ago Moderate: php:7.3 security, bug fix, and enhancement update suserockylinux
CVE-2019-11039 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-19246 medium 5.5 6y ago Moderate: php:7.3 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-11047 medium 5.5 6y ago Moderate: php:7.3 security, bug fix, and enhancement update suserockylinux
CVE-2019-14857 medium 5.5 6y ago Moderate: mod_auth_openidc:2.3 security and bug fix update susedebianrockylinux
CVE-2019-20479 medium 5.5 6y ago Moderate: mod_auth_openidc:2.3 security and bug fix update susedebianrockylinux
CVE-2019-14822 medium 5.5 6y ago Moderate: ibus and glib2 security and bug fix update susedebian
CVE-2019-13636 medium 5.5 6y ago Moderate: patch security and bug fix update suserockylinuxdebian
CVE-2019-12447 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update archdebianrockylinux
CVE-2019-12448 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update archdebianrockylinux
CVE-2019-12449 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update archdebianrockylinux
CVE-2019-3825 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-9639 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9640 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9023 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9638 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-11034 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9637 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-11035 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-11036 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9024 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9021 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9020 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-9022 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2019-16935 medium 5.5 6y ago Moderate: python27:2.7 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-16056 medium 5.5 6y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-13112 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-20421 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-9143 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-13113 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-13111 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-13109 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2019-18874 medium 5.5 6y ago Moderate: python-psutil security update suserockylinuxdebianpython
CVE-2019-20330 medium 5.5 6y ago Deserialization of Untrusted Data in jackson-databind susedebianrockylinuxjava
CVE-2019-11135 medium 5.5 6y ago TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. archsusedebianrockylinux
CVE-2019-17531 medium 5.5 7y ago jackson-databind polymorphic typing issue debianrockylinuxjava
CVE-2019-16943 medium 5.5 7y ago jackson-databind polymorphic typing issue susedebianrockylinuxjava
CVE-2019-6706 medium 5.5 7y ago Moderate: lua security and bug fix update suserockylinuxdebian
CVE-2019-13345 medium 5.5 7y ago Moderate: squid:4 security and bug fix update suserockylinuxdebian
CVE-2019-9948 medium 5.5 7y ago Moderate: python27:2.7 security and bug fix update suserockylinuxdebian
CVE-2019-9947 medium 5.5 7y ago Moderate: python27:2.7 security and bug fix update suserockylinuxdebian
CVE-2019-9740 medium 5.5 7y ago Moderate: python27:2.7 security and bug fix update suserockylinuxdebian
CVE-2019-16942 medium 5.5 7y ago Polymorphic Typing in FasterXML jackson-databind debianrockylinuxjava
CVE-2019-16335 medium 5.5 7y ago Polymorphic Typing issue in FasterXML jackson-databind debianrockylinuxjava
CVE-2019-14540 medium 5.5 7y ago Polymorphic Typing issue in FasterXML jackson-databind susedebianrockylinuxjava
CVE-2019-6978 medium 5.5 7y ago Moderate: gd security update archsusedebianrockylinux
CVE-2019-10747 medium 5.5 7y ago Moderate: nodejs:12 security update rockylinuxdebiannpm
CVE-2019-10746 medium 5.5 7y ago Moderate: nodejs:12 security update rockylinuxdebiannpm
CVE-2019-14234 medium 5.5 7y ago An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.… archsusedebianpython
CVE-2019-2737 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update rockylinuxalmalinux
CVE-2019-2805 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2614 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2628 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2758 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2537 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-2739 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update rockylinuxalmalinux
CVE-2019-2740 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update rockylinuxalmalinux
CVE-2019-2627 medium 5.5 7y ago Moderate: mariadb:10.3 security and bug fix update suserockylinuxalmalinux
CVE-2019-14233 medium 5.5 7y ago An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremel… archsusedebianpython
CVE-2019-14235 medium 5.5 7y ago An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage… archsusedebianpython
CVE-2019-14232 medium 5.5 7y ago An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, … archsusedebianpython
CVE-2019-13114 medium 5.5 7y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux+1
CVE-2019-12308 medium 5.5 7y ago An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without… archsusedebianpython
CVE-2019-11324 medium 5.5 7y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebianpython
CVE-2019-11358 medium 5.5 7y ago XSS in jQuery as used in Drupal, Backdrop CMS, and other products archrockylinuxdebianruby+5
CVE-2019-7164 medium 5.5 7y ago Moderate: python36:3.6 security update suserockylinuxdebianpython
CVE-2019-7548 medium 5.5 7y ago Moderate: python36:3.6 security update almalinuxsuserockylinuxdebian+1
CVE-2019-8331 medium 5.5 7y ago Bootstrap Vulnerable to Cross-Site Scripting rockylinuxdebianrubynuget+3
CVE-2019-6975 medium 5.5 7y ago Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() func… archsusedebianpython
CVE-2019-3498 medium 5.5 8y ago In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defa… archsusedebianpython