CVEs from 2019
Total
4,212
critical
critical 232
high
high 331
medium
medium 302
low
low 72
% Critical
5.5%
% with KEV
2.8%
% with exploit
2.8%
Top products
- u-boot 20
- nsauditor 1
- crypto 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-11707 | critical | — | 10.0 | 4y ago | Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. | |
| CVE-2019-13720 | critical | — | 10.0 | 4y ago | Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-11043 | critical | — | 10.0 | 4y ago | Critical: php:7.2 security update | |
| CVE-2019-16928 | critical | — | 10.0 | 4y ago | Exim contains an out-of-bounds write vulnerability which can allow for remote code execution. | |
| CVE-2019-10149 | critical | — | 10.0 | 4y ago | Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | |
| CVE-2019-17026 | critical | — | 10.0 | 5y ago | Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements. | |
| CVE-2019-0211 | critical | — | 10.0 | 5y ago | Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute c… | |
| CVE-2019-14204 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. | |
| CVE-2019-14203 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. | |
| CVE-2019-14202 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. | |
| CVE-2019-14201 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. | |
| CVE-2019-14200 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. | |
| CVE-2019-14199 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. | |
| CVE-2019-14198 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. | |
| CVE-2019-14196 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. | |
| CVE-2019-14195 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. | |
| CVE-2019-14194 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. | |
| CVE-2019-14193 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. | |
| CVE-2019-14192 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. | |
| CVE-2019-6974 | critical | — | 9.5 | — | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | |
| CVE-2019-17000 | critical | — | 9.5 | — | An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URI… | |
| CVE-2019-0215 | critical | — | 9.5 | — | multiple issues in apache | |
| CVE-2019-5813 | critical | — | 9.5 | — | Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-9799 | critical | — | 9.5 | — | Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vuln… | |
| CVE-2019-13725 | critical | — | 9.5 | — | Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |
| CVE-2019-11728 | critical | — | 9.5 | — | The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects F… | |
| CVE-2019-3860 | critical | — | 9.5 | — | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial … | |
| CVE-2019-11712 | critical | — | 9.5 | — | POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) a… | |
| CVE-2019-13748 | critical | — | 9.5 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML p… | |
| CVE-2019-13764 | critical | — | 9.5 | — | Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-5761 | critical | — | 9.5 | — | Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-11713 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.… | |
| CVE-2019-9805 | critical | — | 9.5 | — | A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66. | |
| CVE-2019-13734 | critical | — | 9.5 | — | Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-9795 | critical | — | 9.5 | — | A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affe… | |
| CVE-2019-9791 | critical | — | 9.5 | — | The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the con… | |
| CVE-2019-9820 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.… | |
| CVE-2019-11762 | critical | — | 9.5 | — | If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulner… | |
| CVE-2019-19926 | critical | — | 9.5 | — | multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplet… | |
| CVE-2019-11760 | critical | — | 9.5 | — | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderb… | |
| CVE-2019-15846 | critical | — | 9.5 | — | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | |
| CVE-2019-17012 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2019-13767 | critical | — | 9.5 | — | Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-17017 | critical | — | 9.5 | — | Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. Thi… | |
| CVE-2019-3813 | critical | — | 9.5 | — | Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-executi… | |
| CVE-2019-9792 | critical | — | 9.5 | — | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory c… | |
| CVE-2019-13729 | critical | — | 9.5 | — | Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-11500 | critical | — | 9.5 | — | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead … | |
| CVE-2019-17022 | critical | — | 9.5 | — | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text … | |
| CVE-2019-9793 | critical | — | 9.5 | — | A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create… | |
| CVE-2019-9800 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we pres… | |
| CVE-2019-9810 | critical | — | 9.5 | — | Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR… | |
| CVE-2019-9817 | critical | — | 9.5 | — | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerabi… | |
| CVE-2019-13727 | critical | — | 9.5 | — | Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |
| CVE-2019-13739 | critical | — | 9.5 | — | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2019-13728 | critical | — | 9.5 | — | Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-13735 | critical | — | 9.5 | — | Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2019-11691 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially explo… | |
| CVE-2019-13741 | critical | — | 9.5 | — | Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. | |
| CVE-2019-3855 | critical | — | 9.5 | — | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server … | |
| CVE-2019-3856 | critical | — | 9.5 | — | An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH se… | |
| CVE-2019-3857 | critical | — | 9.5 | — | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker… | |
| CVE-2019-17016 | critical | — | 9.5 | — | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites re… | |
| CVE-2019-19880 | critical | — | 9.5 | — | exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | |
| CVE-2019-18511 | critical | — | 9.5 | — | multiple issues in thunderbird | |
| CVE-2019-11719 | critical | — | 9.5 | — | When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to inf… | |
| CVE-2019-5806 | critical | — | 9.5 | — | Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-11727 | critical | — | 9.5 | — | A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in Certificat… | |
| CVE-2019-17008 | critical | — | 9.5 | — | When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3,… | |
| CVE-2019-5777 | critical | — | 9.5 | — | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |
| CVE-2019-8942 | critical | — | 9.5 | — | WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php su… | |
| CVE-2019-5773 | critical | — | 9.5 | — | Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML p… | |
| CVE-2019-13759 | critical | — | 9.5 | — | Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2019-19923 | critical | — | 9.5 | — | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inc… | |
| CVE-2019-19925 | critical | — | 9.5 | — | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | |
| CVE-2019-9796 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is lat… | |
| CVE-2019-5818 | critical | — | 9.5 | — | Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. | |
| CVE-2019-13757 | critical | — | 9.5 | — | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2019-5809 | critical | — | 9.5 | — | Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. | |
| CVE-2019-13761 | critical | — | 9.5 | — | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2019-5837 | critical | — | 9.5 | — | Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2019-11759 | critical | — | 9.5 | — | An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a c… | |
| CVE-2019-5839 | critical | — | 9.5 | — | Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. | |
| CVE-2019-13763 | critical | — | 9.5 | — | Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | |
| CVE-2019-5840 | critical | — | 9.5 | — | Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2019-17009 | critical | — | 9.5 | — | When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the up… | |
| CVE-2019-13917 | critical | — | 9.5 | — | Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $lo… | |
| CVE-2019-11692 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunde… | |
| CVE-2019-3829 | critical | — | 9.5 | — | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifi… | |
| CVE-2019-17024 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2019-3836 | critical | — | 9.5 | — | It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | |
| CVE-2019-13742 | critical | — | 9.5 | — | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |
| CVE-2019-11761 | critical | — | 9.5 | — | By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it … | |
| CVE-2019-7221 | critical | — | 9.5 | — | The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | |
| CVE-2019-17666 | critical | — | 9.5 | — | rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | |
| CVE-2019-17010 | critical | — | 9.5 | — | Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.… | |
| CVE-2019-17011 | critical | — | 9.5 | — | Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulner… | |
| CVE-2019-11715 | critical | — | 9.5 | — | Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability aff… | |
| CVE-2019-11729 | critical | — | 9.5 | — | Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8… | |
| CVE-2019-11717 | critical | — | 9.5 | — | A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vuln… |