CVEs from 2019
Total
3,413
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%
Top products
- u-boot 20
- nsauditor 1
- crypto 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-3881 | medium | — | 5.5 | 8y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2019-8506 | low | — | 4.0 | 4y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-16167 | low | — | 2.5 | — | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | |
| CVE-2019-5882 | low | — | 2.5 | — | Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. | |
| CVE-2019-7310 | low | — | 2.5 | — | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash… | |
| CVE-2019-7653 | low | — | 2.5 | — | The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in th… | |
| CVE-2019-7317 | low | — | 2.5 | — | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |
| CVE-2019-1543 | low | — | 2.5 | — | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a vari… | |
| CVE-2019-20838 | low | — | 2.5 | 5y ago | Low: pcre security update | |
| CVE-2019-2215 | unknown | — | 2.5 | 5y ago | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require… | |
| CVE-2019-17402 | low | — | 2.5 | 5y ago | Low: exiv2 security, bug fix, and enhancement update | |
| CVE-2019-2708 | low | — | 2.5 | 5y ago | Low: libdb security update | |
| CVE-2019-14494 | low | — | 2.5 | 6y ago | Low: poppler security update | |
| CVE-2019-15165 | low | — | 2.5 | 6y ago | Low: libpcap security, bug fix, and enhancement update | |
| CVE-2019-1010305 | low | — | 2.5 | 6y ago | Low: libmspack security and bug fix update | |
| CVE-2019-13045 | low | — | 2.5 | 6y ago | Low: irssi security update | |
| CVE-2019-1010315 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-1010319 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-11498 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-1010317 | low | — | 2.5 | 6y ago | Low: wavpack security update | |
| CVE-2019-19118 | low | — | 2.5 | 7y ago | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… | |
| CVE-2019-12795 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-3820 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-11070 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8524 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8536 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8735 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8563 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8523 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8535 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8597 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8671 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8686 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8558 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8619 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8622 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8679 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8608 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8611 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8623 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8587 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8559 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8690 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8768 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8607 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8584 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8615 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8610 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8544 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8673 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8596 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8677 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8672 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8594 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8666 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8676 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8601 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8609 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8586 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8583 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8681 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8518 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8726 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8689 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8687 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-11459 | low | — | 2.5 | 7y ago | The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to u… | |
| CVE-2019-8595 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-6251 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-6237 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8571 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-8551 | low | — | 2.5 | 7y ago | Low: GNOME security, bug fix, and enhancement update | |
| CVE-2019-9824 | low | — | 2.5 | 7y ago | Low: virt:rhel security, bug fix, and enhancement update | |
| CVE-2019-12155 | low | — | 2.5 | 7y ago | Low: virt:rhel security, bug fix, and enhancement update | |
| CVE-2019-9755 | low | — | 2.5 | 7y ago | Low: virt:rhel security, bug fix, and enhancement update | |
| CVE-2019-1003030 | unknown | — | 1.5 | 4y ago | Sandbox bypass in Jenkins Pipeline: Groovy Plugin | |
| CVE-2019-1003029 | unknown | — | 1.5 | 4y ago | Sandbox bypass in Script Security Plugin | |
| CVE-2019-13272 | unknown | — | 1.5 | 5y ago | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obta… | |
| CVE-2019-17558 | unknown | — | 1.5 | 6y ago | Improper Input Validation in Apache Solr | |
| CVE-2019-0193 | unknown | — | 1.5 | 7y ago | XML External Entity (XXE) Injection in Apache Solr | |
| CVE-2019-2025 | unknown | — | 1.0 | — | In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges n… | |
| CVE-2019-1999 | unknown | — | 1.0 | — | In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privi… | |
| CVE-2019-0148 | unknown | — | — | — | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | |
| CVE-2019-20812 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a cer… | |
| CVE-2019-20811 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. | |
| CVE-2019-20810 | unknown | — | — | — | go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. | |
| CVE-2019-20806 | unknown | — | — | — | An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka… | |
| CVE-2019-20794 | unknown | — | — | — | An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction… | |
| CVE-2019-2054 | unknown | — | — | — | In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege wi… | |
| CVE-2019-20422 | unknown | — | — | — | In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified… | |
| CVE-2019-20908 | unknown | — | — | — | An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or s… | |
| CVE-2019-2024 | unknown | — | — | — | In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i… | |
| CVE-2019-20096 | unknown | — | — | — | In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | |
| CVE-2019-20095 | unknown | — | — | — | mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This… | |
| CVE-2019-19966 | unknown | — | — | — | In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | |
| CVE-2019-19947 | unknown | — | — | — | In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | |
| CVE-2019-19927 | unknown | — | — | — | In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read ac… | |
| CVE-2019-19965 | unknown | — | — | — | In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race … | |
| CVE-2019-19922 | unknown | — | — | — | kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by genera… | |
| CVE-2019-19816 | unknown | — | — | — | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a va… | |
| CVE-2019-14898 | unknown | — | — | — | The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have ot… |