VIR Vulnerability Intelligence Relay

CVEs from 2019

3,419 normalized CVEs published or assigned in this year.

Total
3,419
critical
critical 232
high
high 336
medium
medium 309
low
low 71
% Critical
6.8%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • u-boot 20
  • active_iq_unified_manager 7
  • jdk 5
  • weblogic_server 5
  • oncommand_workflow_automation 5
  • codeready_linux_builder_eus 4
  • oncommand_insight 4
  • libxslt 4

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-8331 medium 5.5 7y ago Bootstrap Vulnerable to Cross-Site Scripting rockylinuxdebianrubynuget+3
CVE-2019-6975 medium 5.5 7y ago Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() func… archsusedebianpython
CVE-2019-3498 medium 5.5 8y ago In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defa… archsusedebianpython
CVE-2019-3881 medium 5.5 8y ago Moderate: ruby:2.6 security, bug fix, and enhancement update suserockylinuxruby
CVE-2019-13118 medium 5.3 5.3 4y ago In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … susedebianfedoraubuntu+3
CVE-2019-13117 medium 5.3 5.3 7y ago In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… susedebianubuntufedora+2
CVE-2019-7317 medium 5.3 5.3 7y ago png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. archsusedebianubuntu+4
CVE-2019-16230 medium 4.7 4.7 7y ago drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer stat… susedebianlinux
CVE-2019-15213 medium 4.6 4.6 7y ago An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. susedebianlinux
CVE-2019-8506 low 4.0 4y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-7653 low 2.5 The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in th… archdebian
CVE-2019-16167 low 2.5 sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. suserockylinuxdebian
CVE-2019-7310 low 2.5 In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash… archsusedebian
CVE-2019-1543 low 2.5 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a vari… archsusedebian
CVE-2019-5882 low 2.5 Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. archdebian
CVE-2019-20838 low 2.5 5y ago Low: pcre security update suserockylinuxdebian
CVE-2019-2215 unknown 2.5 5y ago A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require… debian
CVE-2019-17402 low 2.5 5y ago Low: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2019-2708 low 2.5 5y ago Low: libdb security update suserockylinux
CVE-2019-14494 low 2.5 6y ago Low: poppler security update susedebian
CVE-2019-15165 low 2.5 6y ago Low: libpcap security, bug fix, and enhancement update susedebian
CVE-2019-1010305 low 2.5 6y ago Low: libmspack security and bug fix update susedebianrockylinux
CVE-2019-13045 low 2.5 6y ago Low: irssi security update archdebianrockylinux
CVE-2019-11498 low 2.5 6y ago Low: wavpack security update suserockylinuxdebian
CVE-2019-1010319 low 2.5 6y ago Low: wavpack security update suserockylinuxdebian
CVE-2019-1010317 low 2.5 6y ago Low: wavpack security update rockylinuxdebian
CVE-2019-1010315 low 2.5 6y ago Low: wavpack security update suserockylinuxdebian
CVE-2019-19118 low 2.5 7y ago Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… archdebianpython
CVE-2019-8601 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8676 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8735 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8523 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8609 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8611 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8584 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8563 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8551 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8673 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8690 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8679 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8595 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8687 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8689 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8768 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-12795 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-8677 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8672 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8571 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-11070 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8586 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8666 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8681 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8623 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8608 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8610 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8615 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8619 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8622 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8583 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8597 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8686 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8594 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8518 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8544 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8524 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-8559 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-11459 low 2.5 7y ago The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to u… debiansuserockylinux
CVE-2019-6251 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update archrockylinuxdebian
CVE-2019-8596 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-3820 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update archsusedebianrockylinux
CVE-2019-8558 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-8587 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebianalmalinux
CVE-2019-8671 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8536 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-8607 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-8726 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebianalmalinux
CVE-2019-6237 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update rockylinuxdebian
CVE-2019-8535 low 2.5 7y ago Low: GNOME security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-9824 low 2.5 7y ago Low: virt:rhel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-12155 low 2.5 7y ago Low: virt:rhel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-9755 low 2.5 7y ago Low: virt:rhel security, bug fix, and enhancement update suserockylinuxdebian
CVE-2019-1003030 unknown 1.5 4y ago Sandbox bypass in Jenkins Pipeline: Groovy Plugin java
CVE-2019-1003029 unknown 1.5 4y ago Sandbox bypass in Script Security Plugin java
CVE-2019-13272 unknown 1.5 5y ago In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obta… susedebian
CVE-2019-17558 unknown 1.5 6y ago Improper Input Validation in Apache Solr debianjava
CVE-2019-0193 unknown 1.5 7y ago XML External Entity (XXE) Injection in Apache Solr debianjava
CVE-2019-1999 unknown 1.0 In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privi… debian
CVE-2019-2025 unknown 1.0 In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges n… debian
CVE-2019-15090 unknown An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. susedebian
CVE-2019-15215 unknown An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. susedebian
CVE-2019-15214 unknown An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is … susedebian
CVE-2019-15216 unknown An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. susedebian
CVE-2019-18282 unknown The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet rel… susedebian
CVE-2019-18675 unknown The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local… susedebian
CVE-2019-18660 unknown The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/… susedebian
CVE-2019-18680 unknown An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0. susedebian
CVE-2019-18683 unknown An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 ac… susedebian
CVE-2019-18786 unknown In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. susedebian
CVE-2019-18806 unknown A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) b… debian
CVE-2019-18807 unknown Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumpt… susedebian